[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#339734: openssh-server: Kerberos tickets are not saved (pam_krb5)

marcus <marcus@better.se> writes:

> Package: openssh-server
> Version: 1:4.2p1-5
> Severity: normal

> I use OpenSSH with PAM authentication (UsePAM yes) and the pam_krb5
> module. When I log in with SSH, the server correctly checks the
> password agains Kerberos, but the ticket is not saved, so I have to do
> "kinit" and authenticate again.

> README.Debian mentions that Kerberos ticket saving does not work with
> privilege separation. But I have "UsePrivilegeSeparation no" in
> sshd_config, and it still doesn't work.

> I seem to remember that turning off privilege separation used to work
> with OpenSSH 3.x, but apparently this is no longer the case.

I think this is actually a bug in libpam-krb5, not in openssh.  I'm about
to upload a new libpam-krb5 package that works for me (with PAM and with
privilege separation).  Give that a try when it gets into the archive and
see if it works for you.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: