search for: krb5cc_xxx

...ebug1: userauth-request for user <user>/<domain> service ssh-connection method keyboard-interactive What does 'Got no client credentials' mean? The client is sending them, so where do they go? Checking the ticket cache on the client... # klist Credentials cache: FILE:/tmp/krb5cc_xxx Principal: <user>/<domain>@<realm> Issued Expires Principal Nov 3 17:36:40 Nov 4 03:36:40 krbtgt/domain at realm Nov 3 17:37:52 Nov 4 03:36:40 host/<machine>@<realm> So it's even getting the ticket for the machine it is tryi...

...tus: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: gunnar at Astrogator.SE pam_setcred() is called before the UID is set to the users own, and pam_krb5 on Solaris sets the owner of of the /tmp/krb5cc_xxx file to root. The pam_krb5 module should really check this, but it does not, and a simple workaround is to move the setcred call to after the UID setting. *** session.c-ORG Mon Feb 25 16:48:03 2002 --- session.c Mon Apr 22 03:48:01 2002 *************** *** 1135,1140 **** --- 1135,1145 ---- ex...