[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GSSAPI lib from Heimdal does not cleanup credentials in OpenSSH

Michal Prochazka wrote:
> Hello,
> I'm using OpenSSH 4.3p2 and it does not cleanup delegated kerberos
> tickets after user logout. OpenSSH is compiled with Heimdal 0.7.2. I
> tried OpenSSH to compile with MIT kerberos and it cleanups tickets.
> So the difference is only in gssapi library. I have searched mailing
> lists but nobody mentioned this problem, am I doing something wrong?

When you say cleanup tickets, I assume you mean the ticket cache.

Is this a PAM session problem? OpenSSH will call pam_close_session
and the pam_krb5 can cleanup the ticket cache.

> Regards,
> Michal P.


  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444