auth sufficient pam_krb5.so ignore_root forwardable debug auth sufficient pam_unix.so try_first_pass nullok_secure auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so
we still use pam_ldap, so that's why it is there. When we started experimenting with kerberos (and NFSv4+krb5) six months ago, I noticed that when using gnome-screensaver the tickets weren't refreshed like they were with xscreensaver.. That is now fixed in g-s. -- doesn't renew tgt when used with xscreensaver https://launchpad.net/bugs/49956 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs