Description of problem:
Each time a user logs in and out again, one ccache file is left in /tmp. Users are managed in Active Directory and authenticate through nss-pam-ldapd/pam_krb5.

Version-Release number of selected component (if applicable):
pam_krb5-2.3.11-4.fc13.i686

How reproducible:
Every time.

Steps to Reproduce:
1. Log in via SSH
2. Log out

Actual results:
one ccache file left in /tmp

Expected results:
no ccache file left in /tmp

Additional info:
FWIW, setting multiple_ccaches did not seem to have any effect.

The file left around was /tmp/krb5cc_10011_n0pEkv. It seems like this file is created just before the session starts:

Jul 26 16:40:40 fedora3-f13 sshd[17380]: pam_krb5[17380]: created v5 ccache 'FILE:/tmp/krb5cc_10011_n0pEkv' for 'test05'
Jul 26 16:40:40 fedora3-f13 sshd[17380]: pam_krb5[17380]: pam_open_session returning 0 (Success)
Jul 26 16:40:42 fedora3-f13 sshd[17380]: Received disconnect from 10.46.208.226: 11: disconnected by user
Jul 26 16:40:42 fedora3-f13 sshd[17369]: pam_unix(sshd:session): session closed for user test05

However after the session ends, a different file is tried for deletion:

Jul 26 16:40:42 fedora3-f13 sshd[17369]: pam_krb5[17369]: removing ccache 'FILE:/tmp/krb5cc_10011_LCo3fe'
Jul 26 16:40:43 fedora3-f13 sshd[17369]: pam_krb5[17369]: error removing ccache 'FILE:/tmp/krb5cc_10011_LCo3fe'

Which has been created just before /tmp/krb5cc_10011_n0pEkv. Also, /tmp/krb5cc_10011_LCo3fe has already been deleted before /tmp/krb5cc_10011_n0pEkv was created:

17381 execve("/lib/security/pam_krb5/pam_krb5_storetmp", ["pam_krb5_storetmp", "/tmp/krb5cc_10011_LCo3fe", "4294967295", "4294967295"], [/* 15 vars */]) = 0
17381 unlink("/tmp/krb5cc_10011_LCo3fe") = 0
...
17382 execve("/lib/security/pam_krb5/pam_krb5_storetmp", ["pam_krb5_storetmp", "/tmp/krb5cc_10011_XXXXXX", "10011", "10000"], [/* 15 vars */]) = 0
17382 open("/tmp/krb5cc_10011_n0pEkv", O_RDWR|O_CREAT|O_EXCL, 0600) = 3
...
17422 execve("/lib/security/pam_krb5/pam_krb5_storetmp", ["pam_krb5_storetmp", "/tmp/krb5cc_10011_LCo3fe", "4294967295", "4294967295"], [/* 15 vars */]) = 0
17422 unlink("/tmp/krb5cc_10011_LCo3fe") = -1 ENOENT (No such file or directory)
Created attachment 515305
/var/log/secure

Created attachment 515306
strace -f -p $PID_OF_SSHD
FWIW, it seems that the file kept after logout is the one from KRB5CCNAME
Appears to be happening on RHEL 6.1 also. pam_krb5-2.3.11-6.el6.x86_64
pam_krb5-2.3.13-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/pam_krb5-2.3.13-1.fc16
Package pam_krb5-2.3.13-1.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing pam_krb5-2.3.13-1.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/pam_krb5-2.3.13-1.fc16
then log in and leave karma (feedback).
pam_krb5-2.3.13-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
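An added example, not part of the original report or of pam_krb5: a Python check that correlates the pam_krb5 debug messages quoted in the first comment and lists credential caches that were created but never successfully removed, which is a way to confirm from /var/log/secure whether a host still leaves caches behind after the update. It assumes only the three message forms shown in the report; the function and variable names are hypothetical, and the sample log is constructed from the quoted lines.

```python
import re

# Constructed sample: the pam_krb5 debug lines quoted in the report.
SAMPLE_LOG = """\
Jul 26 16:40:40 fedora3-f13 sshd[17380]: pam_krb5[17380]: created v5 ccache 'FILE:/tmp/krb5cc_10011_n0pEkv' for 'test05'
Jul 26 16:40:40 fedora3-f13 sshd[17380]: pam_krb5[17380]: pam_open_session returning 0 (Success)
Jul 26 16:40:42 fedora3-f13 sshd[17369]: pam_krb5[17369]: removing ccache 'FILE:/tmp/krb5cc_10011_LCo3fe'
Jul 26 16:40:43 fedora3-f13 sshd[17369]: pam_krb5[17369]: error removing ccache 'FILE:/tmp/krb5cc_10011_LCo3fe'
"""

# Assumption: only the three message forms quoted in the report are handled.
EVENT = re.compile(
    r"pam_krb5\[\d+\]: (?P<verb>created v5|error removing|removing) ccache "
    r"'FILE:(?P<path>[^']+)'(?: for '(?P<user>[^']+)')?"
)


def audit_ccaches(log_text):
    """Return (leaked, failed_removals).

    leaked: {path: user} for caches created with no successful removal logged.
    failed_removals: sorted paths whose removal was attempted and errored.
    """
    created, attempted, failed = {}, set(), set()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        verb, path = m.group("verb"), m.group("path")
        if verb == "created v5":
            created[path] = m.group("user")
        elif verb == "removing":
            attempted.add(path)
        else:  # "error removing"
            failed.add(path)
    removed_ok = attempted - failed
    leaked = {p: u for p, u in created.items() if p not in removed_ok}
    return leaked, sorted(failed)


if __name__ == "__main__":
    leaked, failed = audit_ccaches(SAMPLE_LOG)
    for path, user in leaked.items():
        print(f"leaked ccache for {user}: {path}")
    for path in failed:
        print(f"removal failed: {path}")
```

On the sample it reports the n0pEkv cache as leaked and the LCo3fe removal as failed, matching the mismatch described in the report.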