[Samba] libpam_mount and sec=krb5
Stefan Kania
stefan at kania-online.de
Fri Dec 23 17:29:14 UTC 2022
Am 23.12.22 um 18:17 schrieb Rowland Penny via samba:
>
>
> On 23/12/2022 16:55, Stefan Kania via samba wrote:
>>
>>
>> Am 23.12.22 um 17:48 schrieb Rowland Penny via samba:
>>>>
>>>
>>> It could be that pam_mount is looking for the kerberos ticket
>>> '/tmp/krb5cc_1001107' and as you can see, it is actually
>>> '/tmp/krb5cc_1001107_dUP4GZ'
>>
>> That's what I also thought, but this is the ticket filename creating
>> when the user logs in to the system. Do you know a way to force the
>> system NOT to add the last digits after the uid?
>>
>
> I think there is a parameter you can set, try reading the krb5.conf
> manpage. Have you tried turning on debug in pam_mount.conf.xml ?
>
Yes, and I got the same error :-(.
One more thing:
I just testet kinit together with MIT-Kerberos and OpenLDAP and there I
got a filename krb5cc_<uid> without the suffix after the uid, so it must
have something to do with heimdal-kerberos if so, it would be bad.
> Rowland
>
More information about the samba
mailing list