Hi everybody, I'm having some difficulties with openssh's PAM
authentication. Specifically, it seems to be bypassing part of it.

I have PAM set up to authenticate using Kerberos. So far, so good. If
you log in at console or su with password (not root) it will create the
ccache as expected. SSH logs in fine also, and as far as I can tell is
using PAM, since the user I'm testing with only exists in Active
Directory and I can disable all GSSAPI and Kerberos options on the
server and it still authenticates.

The problem is, it does not create the credentials cache. This is the
part I don't understand. Since it must be using pam_krb5, and I have
that configured to write the ccache... well that's my disconnect.

Any help you can offer is greatly appreciated. Although it is only a
convenience, as it goes with conveniences, I'd like to have it