pam_krb5.so does not save KRB5 -credentials. When one logs on with a kerberos -password, klist should list the credentials, but instead, it finds nothing. If I do "kinit" and then klist, everything is ok, so kerberos setup is correct. Reproducible: Always Steps to Reproduce: 1. install pam_krb5.so 2. configure sshd to use pam_krb5.so in the auth stack 3. log on to the system and type "klist" and see, no credentials Actual Results: See additional info. Expected Results: See additional info. pam -configs: sshd: #%PAM-1.0 auth required pam_stack.so service=system-auth auth required pam_shells.so auth required pam_nologin.so account required pam_stack.so service=system-auth #password sufficient pam_smbpass.so nodelay smbconf=/etc/samba/smb.conf password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth #session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0 027 system-auth: #%PAM-1.0 auth required /lib/security/pam_env.so #auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so likeauth nullok audit try_first_pass auth sufficient /lib/security/pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass debug auth required /lib/security/pam_deny.so account sufficient /lib/security/pam_unix.so try_first_pass broken_shadow account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore ] /lib/security/pam_krb5.so debug account required /lib/security/pam_access.so password required /lib/security/pam_cracklib.so retry=3 try_first_pass password sufficient /lib/security/pam_unix.so nullok try_first_pass md5 shadow use_authtok password sufficient /lib/security/pam_krb5.so use_authtok try_first_pass password required /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so session optional /lib/security/pam_krb5.so Login process: as75|20:22|1|>ssh shetach.chem.jyu.fi Password: Last login: Tue May 8 23:17:58 2007 from as75.adsl.tnnet.fi Executing: /home/nano-supercomputer/arno/OpenFOAM/OpenFOAM-1.3/.bashrc Executing: /home/nano-supercomputer/arno/OpenFOAM/OpenFOAM-1.3/.OpenFOAM-1.3/apps/ensightFoam/bashrc Executing: /home/nano-supercomputer/arno/OpenFOAM/OpenFOAM-1.3/.OpenFOAM-1.3/apps/paraview/bashrc arno@shetach ~ $ arno@shetach ~ $ klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_45132) arno@shetach ~ $ This is wrong!!! It should work automatically like this: arno@shetach ~ $ kinit Password for arno@CC.JYU.FI: arno@shetach ~ $ klist Ticket cache: FILE:/tmp/krb5cc_45132 Default principal: arno@CC.JYU.FI Valid starting Expires Service principal 05/08/07 20:54:24 05/09/07 06:54:24 krbtgt/CC.JYU.FI@CC.JYU.FI renew until 05/08/07 20:54:24 arno@shetach ~ $ Finally, emerge --info: shetach pam.d # emerge --info Portage 2.1.2.2 (default-linux/x86/no-nptl, gcc-4.1.1, glibc-2.5-r0, 2.6.20-gentoo-r7 i686) ================================================================= System uname: 2.6.20-gentoo-r7 i686 AMD Athlon(TM) XP1700+ Gentoo Base System release 1.12.9 Timestamp of tree: Wed, 02 May 2007 07:30:07 +0000 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.15-r1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=athlon-xp -pipe -mfpmath=sse" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache1-php5/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c" CXXFLAGS="-O2 -march=athlon-xp -pipe -mfpmath=sse" DISTDIR="/usr/portage/distfiles" FEATURES="distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="ftp://ftp.public.fix.fi/gentoo http://ftp.public.fix.fi/gentoo/ http://ftp.linux.ee/pub/gentoo/distfiles/ ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ ftp://ftp.linux.ee/pub/gentoo/distfiles/" LINGUAS="fi se en he de" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X aac acl alsa apache2 apm arts audiofile automount bash-completion berkdb bitmap-fonts blas bonobo bzip2 cddb cdparanoia cdr cli cracklib crypt ctype cups curl dbm dri dv dvb dvd dvdr dvdread eds emboss encode exif expat ffmpeg fftw foomaticdb fortran gcj gd gdbm gif glut gmp gnome gnutls gphoto2 gpm gstreamer gtk gtk2 guile hal iconv ieee1394 imagemagick imap imlib ipv6 isdnlog jbig jikes jpeg jpeg2k kde kerberos ldap lesstif libg++ libwww mad maildir matroska midi mikmod mime mmap mmx mng motif mozilla mp3 mpeg mpi mplayer mysql ncurses net-fs/samba nls ogg opengl oss pam pcre pdf perl php png povray pppd python qt3 qt4 quicktime quotas rdesktop readline reflection samba sdl session spell spl sse sse2 ssl tcl tcpd tetex theora threads tiff tk truetype truetype-fonts type1-fonts unicode vorbis winbind wmf x264 x86 xine xml xorg xpm xv xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="fi se en he de" USERLAND="GNU" VIDEO_CARDS="apm ark ati chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mga neomagic nsc nv rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
*** This bug has been marked as a duplicate of bug 146449 ***