[OpenAFS] How to replace pam_krb5 on RHEL 8 systems

[Ken Hornstein]

>I think all we had to do, actually, was set appropriate options for
>GSSAPI in sshd_config ... and make sure it was still using PAM for the
>account and session pieces.

Right, but do you use both keyring credential caches and PAGs?  Those two
were what made things difficult for us.  In my experience if the keyring
credential cache is owned by root then you can't add new credentials to
it as a vanilla user (and vice versa).

--Ken