[Samba] KRB5 pam_winbind using KEYRING does not work

rme at bluemail.ch rme at bluemail.ch
Wed Oct 29 21:34:53 UTC 2025


 > I now know what is happening, but not why.

 > If I log into a Debian computer, I get a kerberos ticket, the
 > 'KRB5CCNAME' is set in 'env' and klist shows the ticket. None of that
 > occurs on EndeavourOS (yes I managed to install it), but if you run
 > 'kinit' you get a ticket. I have no idea why it doesn't work like
 > Debian (presumably RL10 works the same, but I haven't checked).

Many thanks for going the (long) extra mile to even install EOS.
I also figured out that KEYRING actually is working but somehow 
pam_winbind seems not to be able to store the cache in KEYRING on login 
at all. When using kinit it works and also klist is showing keyring 
contents. Even after logging off and back on klist will keep the caches.

However, when using kdestroy and logging off and back on, I would assume 
there are new caches put on the keyring, but it does not happen.

So currently I don't know how to dig deeper and gave up; returning to 
file caches.

I also tried to run older versions of krb5 (well, at least 1.20) to no 
avail. I am not experienced in PAM debugging and could not identify any 
further issues yet. Unless this is some coincidence with newer kernel 
versions as EOS/ARCH is on 6.17.5 now unless switched to LTS (6.12.56 
currently) kernels. Well, I might give this a try.
Though I am not expecting it to work as KEYRING in general seems OK as 
proven by kinit successfully populating keyring.

Thanks again for your feedback!

Rainer


