[OpenAFS] pam_afs_session.so is unable to find Kerberos ticket cache file
Thu, 10 Dec 2009 12:50:02 -0800
Holger Rauch <firstname.lastname@example.org> writes:
> thanks for pointing this out. Indeed, that was the problem. What I
> don't understand is that even though I have
> forwardable = true
> in both pam and kinit sections within [appdefaults] in my
> /etc/krb5.conf, I still have to explicitly specify "kinit -f" in order
> to get forwardable tickets. Any idea why? (I admit that this is sort of
> OT and no really OpenAFS but rather Kerberos related).
MIT Kerberos doesn't pay any attention to the [appdefaults] section for
kinit. My PAM module pays attention to forwardable in the [appdefaults]
section, but I'm not sure if the Red Hat version does.
Putting forwardable = true in [libdefaults] configures the underlying
Kerberos libraries and therefore tends to affect everything.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>