Solaris 9 12/03 Release Notes

Unlocking CDE Screenlock Removes Kerberos Version 5 Credentials (4674474)

If you unlock a locked CDE session, all your cached Kerberos version 5 (krb5) credentials might be removed. As a result, you might not be able to access various system utilities. This problem occurs under the following conditions:

If this problem occurs, the following error message is displayed:


lock screen: PAM-KRB5 (auth): Error verifying TGT with host/host-name:
Permission denied in replay cache code

Workaround: Add the following non-pam_krb5 dtsession entries to the /etc/pam.conf file:


dtsession auth requisite pam_authtok_get.so.1
dtsession auth required  pam_unix_auth.so.1

With these entries in the /etc/pam.conf file, the pam_krb5 module does not run by default.
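
PAM uses the "other" entries in /etc/pam.conf only for a service that has no entries of its own for that module type, which is why explicit dtsession entries keep pam_krb5 out of the screen-lock stack. The following check is an added example, not part of the release notes: it assumes pam_krb5 is configured under the "other" service, uses constructed pam.conf contents, and reports whether pam_krb5 is in the effective dtsession auth stack before and after the workaround.

```shell
#!/bin/sh
# Added example. On Solaris 9, /usr/bin/awk lacks -v; run with AWK=nawk there.
AWK=${AWK:-awk}

# Print the auth entries PAM would use for a service in a pam.conf-style file.
# Entries naming the service win; only if there are none do "other" entries apply.
effective_auth_stack() {
    "$AWK" -v svc="$2" '
        /^[ \t]*#/ || NF < 4 { next }          # skip comments and short lines
        $2 != "auth"         { next }          # only the auth stack matters here
        $1 == svc            { own[++n] = $0 }
        $1 == "other"        { other[++m] = $0 }
        END {
            if (n > 0) { for (i = 1; i <= n; i++) print own[i] }
            else       { for (i = 1; i <= m; i++) print other[i] }
        }' "$1"
}

# Return 0 if pam_krb5 appears in the effective auth stack for dtsession.
dtsession_uses_krb5() {
    effective_auth_stack "$1" dtsession | grep 'pam_krb5' >/dev/null
}

before=$(mktemp); after=$(mktemp)
trap 'rm -f "$before" "$after"' EXIT

# Constructed sample: pam_krb5 is reachable only through the "other" fallback.
cat > "$before" <<'EOF'
other auth requisite pam_authtok_get.so.1
other auth sufficient pam_krb5.so.1
other auth required pam_unix_auth.so.1
EOF

# Same file plus the two workaround entries from the release note.
cat "$before" - > "$after" <<'EOF'
dtsession auth requisite pam_authtok_get.so.1
dtsession auth required  pam_unix_auth.so.1
EOF

for f in "$before" "$after"; do
    if dtsession_uses_krb5 "$f"; then
        echo "dtsession: pam_krb5 is in the auth stack"
    else
        echo "dtsession: pam_krb5 is not in the auth stack"
    fi
done
```

To check a live system, call dtsession_uses_krb5 /etc/pam.conf instead of the sample files.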