[Samba] libpam_mount and sec=krb5

Stefan Kania stefan at kania-online.de
Fri Dec 23 17:29:14 UTC 2022

Am 23.12.22 um 18:17 schrieb Rowland Penny via samba:
> On 23/12/2022 16:55, Stefan Kania via samba wrote:
>> Am 23.12.22 um 17:48 schrieb Rowland Penny via samba:
>>> It could be that pam_mount is looking for the kerberos ticket 
>>> '/tmp/krb5cc_1001107' and as you can see, it is actually 
>>> '/tmp/krb5cc_1001107_dUP4GZ'
>> That's what I also thought, but this is the ticket filename creating 
>> when the user logs in to the system. Do you know a way to force the 
>> system NOT to add the last digits after the uid?
> I think there is a parameter you can set, try reading the krb5.conf 
> manpage. Have you tried turning on debug in pam_mount.conf.xml ?

Yes, and I got the same error :-(.

One more thing:

I just testet kinit together with MIT-Kerberos and OpenLDAP and there I 
got a filename krb5cc_<uid> without the suffix after the uid, so it must 
have something to do with heimdal-kerberos if so, it would be bad.

> Rowland

More information about the samba mailing list