[OpenAFS] How to replace pam_krb5 on RHEL 8 systems
Dave Botsch
botsch@cnf.cornell.edu
Mon, 11 Jul 2022 14:04:49 -0400
Maybe it's not in newer release of openssh?
RHEL8 is using:
$ rpm -q openssh-server
openssh-server-8.0p1-13.el8.x86_64
And from the man page:
KerberosUniqueCCache
Specifies whether to store the acquired tickets in the
per-session credential cache under /tmp/ or whether to use
per-user credential cache as configured in /etc/krb5.conf.
The default value no can lead to overwriting previous
tickets by subseqent connections to the same user account.
And this gets a bit interesting depending on what's in /etc/krb5.conf
and if using sssd what's in sssd.conf for kerberos.
Thanks.
On Mon, Jul 11, 2022 at 07:54:12PM +0200, Dirk Heinrichs wrote:
> Dave Botsch:
>=20
> > KerberosUniqueCCache=3Dyes in sshd.conf
>=20
> Could you elaborate on what this option is good for? I can't find it in
> sshd_config(5), neither on a Debian Bookworm system with OpenSSH 9.0,
> nor in online man-pages of Arch Linux or upstream OpenSSH. Is this some
> special RH-only thing?
>=20
> Thanks a lot...
>=20
> =A0=A0=A0 Dirk
>=20
> --=20
> Dirk Heinrichs <dirk.heinrichs@altum.de>
> Matrix-Adresse: @heini:chat.altum.de
> GPG Public Key: 80F1540E03A3968F3D79C382853C32C427B48049
> Privacy Handbuch: https://www.privacy-handbuch.de
>=20
--=20
********************************
David William Botsch
Programmer/Analyst
@CornellCNF
botsch@cnf.cornell.edu
********************************