[Samba] libpam_mount and sec=krb5
Andreas Hasenack
andreas at canonical.com
Fri Dec 23 17:21:55 UTC 2022
Hi,
On Fri, Dec 23, 2022 at 2:14 PM Stefan Kania via samba
<samba at lists.samba.org> wrote:
>
>
>
> Am 23.12.22 um 17:55 schrieb Stefan Kania via samba:
> >
> >
> > Am 23.12.22 um 17:48 schrieb Rowland Penny via samba:
> >>>
> >>
> >> It could be that pam_mount is looking for the kerberos ticket
> >> '/tmp/krb5cc_1001107' and as you can see, it is actually
> >> '/tmp/krb5cc_1001107_dUP4GZ'
> >
> > That's what I also thought, but this is the ticket filename creating
> > when the user logs in to the system. Do you know a way to force the
> > system NOT to add the last digits after the uid?
> >
>
> I now added the following parametert to my krb5.conf
>
> default_ccache_name = FILE:/tmp/krb5cc_%{uid}
>
> But it's stil the same. It looks like the problem is the extension of
> the filename. Now I'm looking for a way to get the ccache-name without it.
I didn't follow the whole thread, but if you are logging in via ssh,
it's ssh that is "mangling" the ccache filename:
https://bugzilla.mindrot.org/show_bug.cgi?id=3203
It won't follow what's set in krb5.conf. Redhat has been using a patch
for years.
More information about the samba
mailing list