[sudo-users] (Probably) basic problem with sudo and kerberos tickets
chy.causer at gmail.com
Wed Sep 16 04:27:03 EDT 2009
The problem still exists but I can perhaps provide more information:
1) I was wrong: the ticket is only deleted if you have to enter your
password. If you use a timeout terminal (ie no password) then the ticket is
2) If you move the ticket file to say /tmp/wibble and reset the environment
variable $KRB5CCNAME to /tmp/wibble, then the ticket is preserved no matter
how you sudo.
3) If you use a local account (ie one that uses passwd/shadow) then the
ticket is preserved. AFAIK this only happens to users who authenticate using
I would be so grateful if anyone could help me. I've been looking over the
source and I cannot for the life of me see where anything would delete the
ticket file in tmp when you authenticate but not when you use a cached sudo.
More information about the sudo-users