[OpenAFS] How to replace pam_krb5 on RHEL 8 systems

Dave Botsch botsch@cnf.cornell.edu
Mon, 11 Jul 2022 14:04:49 -0400

Maybe it's not in newer releases of openssh?

RHEL8 is using:

$ rpm -q openssh-server

And from the man page:


	     Specifies whether to store the acquired tickets in the
	     per-session credential cache under /tmp/ or whether to use
	     per-user credential cache as configured in /etc/krb5.conf.
	     The default value no can lead to overwriting previous
	     tickets by subsequent connections to the same user account.

And this gets a bit interesting depending on what's in /etc/krb5.conf
and if using sssd what's in sssd.conf for kerberos.


On Mon, Jul 11, 2022 at 07:54:12PM +0200, Dirk Heinrichs wrote:
> Dave Botsch:
> > KerberosUniqueCCache=yes in sshd.conf
> Could you elaborate on what this option is good for? I can't find it in
> sshd_config(5), neither on a Debian Bookworm system with OpenSSH 9.0,
> nor in online man-pages of Arch Linux or upstream OpenSSH. Is this some
> special RH-only thing?
> Thanks a lot...
>     Dirk
> -- 
> Dirk Heinrichs <dirk.heinrichs@altum.de>
> Matrix-Adresse: @heini:chat.altum.de
> GPG Public Key: 80F1540E03A3968F3D79C382853C32C427B48049
> Privacy Handbuch: https://www.privacy-handbuch.de

David William Botsch