Thomas Schweikle <1852...@bugs.launchpad.net> writes: > Looks like set [appdefaults] for pam are ignored by pam_krb5.so:
> [appdefaults] > forwardable = true > noaddresses = true > proxiable = true > pam = { > minimum_uid = 1000 > alt_auth_map=root/%s > ccache_dir = /tmp/krb5cc > ccache = DIR:/tmp/krb5cc/%u_XXXXXX > } > I'd expect this to create > /tmp/krb5cc/1000_NvfDse > but: > /tmp/krb5cc_<uid> is used. > Same if I add these options to > -rw-r--r-- 1 root root 1360 Nov 18 12:25 /etc/pam.d/common-account > -rw-r--r-- 1 root root 1383 Nov 18 12:24 /etc/pam.d/common-auth > -rw-r--r-- 1 root root 1690 Nov 18 12:25 /etc/pam.d/common-password > -rw-r--r-- 1 root root 1675 Nov 18 12:25 /etc/pam.d/common-session > -rw-r--r-- 1 root root 1483 Nov 18 12:26 > /etc/pam.d/common-session-noninteractive I'm pretty sure this means that either pam_krb5 is not running or is using some other configuration. It seems unlikely that it's just ignoring option settings. Are you running some other Kerberos-aware PAM module (such as sssd) that might be setting up the ticket cache instead? Adding debug to the end of the pam_krb5.so options will produce more verbose logging. If you don't see any additional logging at DEBUG level in syslog, that means that the module isn't running at all. -- Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/> -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1852997 Title: /etc/krb5.conf options seem to be ignored by pam_krb5.so To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-krb5/+bug/1852997/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs