Hi, I've searched the list and google, but can't seem to find a report on the problem I'm having. pam_krb5-1.56-1 under Redhat 8. It works perfectly in every way I've tested. I have noticed just one glitch recently: When a user's password is expired, they are prompted to change it and upon successful change, they are logged in. However, they have no KRB5CCNAME and klist reports: klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_1084) (notice the lack of hash after the UID ). A simple kinit will fix this, but when users login with a non-expired password, they get the proper KRB5CCNAME variable and proper klist results showing a cache of FILE:/tmp/krb5cc_uid_hash Anyone see this before ? Thanks in advance. Our system-auth in /etc/pam.d looks like: auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_unix.so likeauth nullok auth sufficient /lib/security/pam_krb5.so use_first_pass auth required /lib/security/pam_deny.so account sufficient /lib/security/pam_krb5.so account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so retry=3 type= password sufficient /lib/security/pam_krb5.so use_authtok password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow nis password required /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so session optional /lib/security/pam_krb5.so Thanks, Mike. _______________________________________________ Pam-list@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/pam-list
