The pam_krb5 on RHEL5 prompts for password even though valid kerberos cache is present when running sudo.

Solution Verified - Updated -

Issue

  • With pam_krb5, sudo prompts for password while executing sudo command even though valid kerberos cache is present.

  • As per pam_krb5 man page the existing_ticket option will allow a user to authenticate with an existing cache. However, pam always looks at /tmp/krb5cc_0, the root kerberos cache, as opposed to the user cache created on login.

Environment

  • Red Hat Enterprise Linux 5 and later.
  • krb5-workstation-1.6.1-70.el5
  • sudo-1.7.2p1-13.el5

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content