On Fri, Dec 06, 2002 at 07:21:42PM +0100, Helge Bahmann wrote:
- tickets are obtained and validated from kdc - credentials cache file /tmp/krb5cc_0 (!) is created and KRB5CCNAME set accordingly for the session
You should check the README that comes with our pam_krb5 RPM. It describes how to use separate cc files for all sessions.
- user logs out, but credentials file is *not* deleted
That is probably a bug in kdm. It should call PAM to close the session but apparently doesn't.
- error return is discarded, login continues and all processes strangely start up with root privileges
That is a bug indeed, possibly in kdm as well. I will look into this. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann