[Samba] libpam_mount and sec=krb5

Stefan Kania stefan at kania-online.de
Fri Dec 23 17:31:14 UTC 2022



On 23.12.22 at 18:21, Andreas Hasenack wrote:
> Hi,
> 
> On Fri, Dec 23, 2022 at 2:14 PM Stefan Kania via samba
> <samba at lists.samba.org> wrote:
>>
>>
>>
>> On 23.12.22 at 17:55, Stefan Kania via samba wrote:
>>>
>>>
>>> On 23.12.22 at 17:48, Rowland Penny via samba wrote:
>>>>>
>>>>
>>>> It could be that pam_mount is looking for the kerberos ticket
>>>> '/tmp/krb5cc_1001107' and as you can see, it is actually
>>>> '/tmp/krb5cc_1001107_dUP4GZ'
>>>
>>> That's what I also thought, but this is the ticket filename created
>>> when the user logs in to the system. Do you know a way to force the
>>> system NOT to add the last digits after the uid?
>>>
>>
>> I now added the following parameter to my krb5.conf
>>
>> default_ccache_name = FILE:/tmp/krb5cc_%{uid}
>>
>> But it's still the same. It looks like the problem is the extension of
>> the filename. Now I'm looking for a way to get the ccache-name without it.
> 
> I didn't follow the whole thread, but if you are logging in via ssh,
> it's ssh that is "mangling" the ccache filename:
> 
> https://bugzilla.mindrot.org/show_bug.cgi?id=3203
> 
> It won't follow what's set in krb5.conf. Red Hat has been using a patch
> for years.
Yes, I use ssh to log in, but I also did a "su - ktom" or a login via
lightdm to the GUI and it's the same.
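
Added example, not part of the original thread: a small shell check that expands the default_ccache_name template from krb5.conf and compares it with the cache name a session actually received, reporting a trailing suffix such as the one quoted above. The function names are hypothetical, and the sample values are the ones quoted in this thread.

```shell
#!/bin/sh
# Added diagnostic example; function names are hypothetical.

# Expand the %{uid} token of a krb5.conf default_ccache_name template.
expand_template() {   # $1 = template, $2 = numeric uid
    printf '%s\n' "$1" | sed "s/%{uid}/$2/g"
}

# Compare a session's KRB5CCNAME with the expanded template.
# Prints one of: match | suffix:<extra> | different
compare_ccache() {    # $1 = template, $2 = uid, $3 = KRB5CCNAME value
    expected=$(expand_template "$1" "$2")
    actual=$3
    # MIT krb5 treats a name without a TYPE: prefix as a FILE cache,
    # so drop an explicit FILE: prefix on both sides before comparing.
    expected=${expected#FILE:}
    actual=${actual#FILE:}
    case $actual in
        "$expected")
            echo "match" ;;
        "$expected"_*)
            # Same base name plus an extra "_XXXXXX" style suffix.
            echo "suffix:${actual#"$expected"}" ;;
        *)
            echo "different" ;;
    esac
}

# Values quoted in this thread, used here as sample input.
TEMPLATE='FILE:/tmp/krb5cc_%{uid}'
SAMPLE_UID=1001107
SAMPLE_CCNAME='FILE:/tmp/krb5cc_1001107_dUP4GZ'

echo "expected: $(expand_template "$TEMPLATE" "$SAMPLE_UID")"
echo "session:  $SAMPLE_CCNAME"
echo "result:   $(compare_ccache "$TEMPLATE" "$SAMPLE_UID" "$SAMPLE_CCNAME")"
```

To check a live session, pass "$(id -u)" and "$KRB5CCNAME" from that session (ssh, su or lightdm) instead of the sample values.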