Re: PAM/SSH and KerberosIV?

Date: 02/21/01

To: Robert Watson <>
Date: 21 Feb 2001 02:55:49 +0100

Robert Watson <> writes:
> However, this seems to have broken using unique kerberos ticket filenames
> for each session -- now it always uses /tmp/tkt1000 for uid 1000, rather
> than /tmp/tkt1000_randomnumber, meaning that if you log in twice, the
> first logout hoses the tickets for the second session. This didn't happen
> previously, and is probably an issue with that I didn't
> run into previously since I always logged in via SSH. It's probably not a
> security hole as presumably KTH does the right thing with regards to
> O_EXCL and so on, but it's not ideal.

That's what src/lib/libpam/modules/pam_kerberosIV/klogin.c does, and
yes, it should be perfectly safe.


To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message