My /etc/pam.d/login is: ----------------- auth required pam_securetty.so auth required pam_nologin.so auth sufficient pam_krb5.so auth required pam_unix.so try_first_pass nullok account required pam_unix.so password sufficient pam_krb5.so password required pam_cracklib.so retry=3 password required pam_unix.so use_authtok nullok shadow md5 session required pam_limits.so session required pam_unix.so session optional pam_krb5.so After successfull login using kerberos password, two credential cache files are created in /tmp, both containing valid TGTs. One of these files is pointed by KRB5CCNAME environment variable set by login. After logout, only this one is removed, and the other one stays on. Janusz
Try grabbing the pam_krb5 package from the Raw Hide tree (ftp://ftp.redhat.com//pub/rawhide/) and rebuilding it on your system. This bug is fixed in the development tree.