我们有
auth optional pam_krb5.so try_first_pass 在
/etc/pam.d/password-auth-ac
和
/etc/pam.d/system-auth-ac
但是当我成功login后,我得到一个klist
klist: No credentials cache found (filename: /tmp/nnnnn)
这可能是什么原因?
身份validation和会话堆栈:
auth required pam_env.so auth sufficient pam_fprintd.so auth required pam_tally2.so deny=12 unlock_time=3600 auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth optional pam_krb5.so try_first_pass auth sufficient pam_sss.so forward_pass auth required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so
找出pam_krb5从会话堆栈中丢失:
session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_sss.so session required pam_krb5.so
添加会话所需的pam_krb5.so修复了这个问题。