[OpenAFS] How to replace pam_krb5 on RHEL 8 systems

Ken Hornstein kenh@cmf.nrl.navy.mil
Mon, 11 Jul 2022 11:05:33 -0400

>I think all we had to do, actually, was set appropriate options for
>GSSAPI in sshd_config ... and make sure it was still using PAM for the
>account and session pieces.

Right, but do you use both keyring credential caches and PAGs?  Those two
were what made things difficult for us.  In my experience if the keyring
credential cache is owned by root then you can't add new credentials to
it as a vanilla user (and vice versa).