[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GSSAPI lib from Heimdal does not cleanup credentials in OpenSSH
Michal Prochazka wrote:
> I'm using OpenSSH 4.3p2 and it does not cleanup delegated kerberos
> tickets after user logout. OpenSSH is compiled with Heimdal 0.7.2. I
> tried OpenSSH to compile with MIT kerberos and it cleanups tickets.
> So the difference is only in gssapi library. I have searched mailing
> lists but nobody mentioned this problem, am I doing something wrong?
When you say cleanup tickets, I assume you mean the ticket cache.
Is this a PAM session problem? OpenSSH will call pam_close_session
and the pam_krb5 can cleanup the ticket cache.
> Michal P.
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439