Solaris 9 12/03 Release Notes

Unlocking CDE Screenlock Removes Kerberos Version 5 Credentials (4674474)

If you unlock a locked CDE session, all your cached Kerberos version 5 (krb5) credentials might be removed. The result is you might not be able to access various system utilities. This problem occurs under the following conditions:

If this problem occurs, the following error message is displayed:

lock screen: PAM-KRB5 (auth): Error verifying TGT with host/host-name:
Permission denied in replay cache code

Workaround: Add the following non-pam_krb5 dtsession entries to the /etc/pam.conf file:

dtsession auth requisite
dtsession auth required

With these entries in the /etc/pam.conf file, the pam_krb5 module does not run by default.