Bug#407754: openssh-server: GSSAPICleanupCredentials doesn't, unless PrivilegeSeparation is enabled
On Saturday, 20 January 2007 at 18:58, Russ Allbery wrote:
> Brendan Cully <brendan@kublai.com> writes:
>
> > Package: openssh-server
> > Version: 4.3p2-8
>
> > It seems that GSSAPI credentials are not cleaned up unless
> > PrivilegeSeparation is enabled. I prefer to keep that off so that I can
> > use pam_krb5 keyboard-interactive authentication when I don't already
> > have keys.
>
> pam_krb5 keyboard-interactive should work fine with privilege separation
> enabled with the libpam-krb5 in etch. Please let me know if it doesn't.
You're right, it does seem to be working now. It'd be nice if ssh
cleaned up its gssapi credentials when privsep was off, but it's much
less important to me now. Thanks.
Reply to: