pam_krb5 is spamming /tmp/ if sshd password_auth is used

Hi,

I’m currently trying to add a SLES11 SP1 server to our Kerberos/LDAP/AD (Univention UCS). So far everything is working as expected, but if somebody logs in via “ssh-password-auth” (not keyboard-interactive!) the tickets are created in /tmp/, and it looks like something is going wrong, because after each login another /tmp/krb5cc_[UID]_XXXXX file is left behind.

ssh -v -o 'PreferredAuthentications=password'  server

Everything else (pubkey-auth, keyboard-interactive, …) is working and cleaned up as it should be, incl. “klist” returning valid tickets. Here are my config files:

/etc/ldap.conf

tls_cacert	/etc/univention/ssl/ucsCA/CAcert.pem
base	dc=ad,dc=x,dc=y,dc=z
binddn	cn=mon3,cn=computers,dc=ad,dc=x,dc=y,dc=z
bindpw	xxx
ssl	start_tls
host	ucs:7389 backup:7389
nss_map_attribute	uniqueMember uniqueMember
ldap_version	3
pam_password	crypt
pam_filter	objectClass=posixAccount
tls_checkpeer	no
bind_policy	soft

/etc/krb5.conf
[libdefaults]
	default_realm = AD.IN.x.DE
	clockskew = 300
#	default_realm = EXAMPLE.COM

[realms]
AD.IN.x.DE = {
	kdc = ucs.ad.in.x.de
	default_domain = ad.in.x.de
	admin_server = ucs.ad.in.x.de
	kdc = backup.ad.in.x.de
	admin_server = backup.ad.in.x.de
}
#	EXAMPLE.COM = {
#                kdc = kerberos.example.com
#		admin_server = kerberos.example.com
#	}

[logging]
	kdc = FILE:/var/log/krb5/krb5kdc.log
	admin_server = FILE:/var/log/krb5/kadmind.log
	default = SYSLOG:NOTICE:DAEMON
[domain_realm]
	.ad.in.x.de = AD.IN.x.DE
[appdefaults]
pam = {
	ticket_lifetime = 1d
	renew_lifetime = 1d
	forwardable = true
	proxiable = false
	minimum_uid = 1
	external = sshd
	use_shmem = sshd
}

Here are the verbose logs (pam_krb5 debug / sshd_config DEBUG3):

May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: default/local realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: configured realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: debug
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flags: forwardable not proxiable
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no ignore_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no null_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: user_check
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no krb4_convert
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_convert_524
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_use_as_req
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will try previously set password first
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will let libkrb5 ask questions
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: use_shmem
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: external
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: warn
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: minimum uid: 1
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: banner: Kerberos 5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccache dir: /tmp
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: keytab: FILE:/etc/krb5.keytab
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: token strategy: v4,524,2b,rxk5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_authenticate called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: authenticating 'f.zimmermann@AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: checking for externally-obtained v5 credentials
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: KRB5CCNAME is not set, none found
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: trying previously-entered password for 'f.zimmermann', allowing libkrb5 to prompt for more
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: authenticating 'f.zimmermann@AD.IN.x.DE' to 'krbtgt/AD.IN.x.DE@AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: krb5_get_init_creds_password(krbtgt/AD.IN.x.DE@AD.IN.x.DE) returned 0 (Success)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: got result 0 (Success)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: 'f.zimmermann@AD.IN.x.DE' passes .k5login check for 'f.zimmermann'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: saved v5 credentials to shared memory segment 264699905 (creator pid 19391)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: saved v4 credential state to shared memory segment 264732674 (creator pid 19391)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: authentication succeeds for 'f.zimmermann' (f.zimmermann@AD.IN.x.DE)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_authenticate returning 0 (Success)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: default/local realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: configured realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: debug
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flags: forwardable not proxiable
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no ignore_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no null_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: user_check
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no krb4_convert
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_convert_524
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_use_as_req
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will try previously set password first
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will let libkrb5 ask questions
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: use_shmem
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: external
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: warn
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: minimum uid: 1
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: banner: Kerberos 5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccache dir: /tmp
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: keytab: FILE:/etc/krb5.keytab
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: token strategy: v4,524,2b,rxk5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_acct_mgmt called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: account management succeeds for 'f.zimmermann'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: 'f.zimmermann@AD.IN.x.DE' passes .k5login check for 'f.zimmermann'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_acct_mgmt returning 0 (Success)
May 21 15:12:21 mon3 sshd[19391]: Accepted password for f.zimmermann from 10.0.0.217 port 41414 ssh2
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_setcred (establish credential) called
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: default/local realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: configured realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: debug
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flags: forwardable not proxiable
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no ignore_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no null_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: user_check
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no krb4_convert
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_convert_524
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_use_as_req
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will try previously set password first
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will let libkrb5 ask questions
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: use_shmem
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: external
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: warn
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: minimum uid: 1
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: banner: Kerberos 5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccache dir: /tmp
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: keytab: FILE:/etc/krb5.keytab
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: token strategy: v4,524,2b,rxk5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_open_session called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: removing v5 shared memory segment 264699905 creator pid 19391
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: cleanup function removing shared memory segment 264699905 belonging to process 19391
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: removing v4 shared memory segment 264732674 creator pid 19391
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: cleanup function removing shared memory segment 264732674 belonging to process 19391
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: creating v5 ccache for 'f.zimmermann', uid=2618, gid=5001
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: saving v5 credentials to 'MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN.x.DE-0' for internal use
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: copied credentials from "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN.x.DE-0" to "FILE:/tmp/krb5cc_2618_W19391" for the user, destroying "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN.x.DE-0"
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: created v5 ccache 'FILE:/tmp/krb5cc_2618_mdrqil' for 'f.zimmermann'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_open_session returning 0 (Success)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: default/local realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: configured realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: debug
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flags: forwardable not proxiable
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no ignore_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no null_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: user_check
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no krb4_convert
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_convert_524
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_use_as_req
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will try previously set password first
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will ask for a password if that fails
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will let libkrb5 ask questions
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: use_shmem
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: external
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: warn
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: minimum uid: 1
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: banner: Kerberos 5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccache dir: /tmp
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: keytab: FILE:/etc/krb5.keytab
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: token strategy: v4,524,2b,rxk5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_open_session called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: creating v5 ccache for 'f.zimmermann', uid=2618, gid=5001
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: saving v5 credentials to 'MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN.x.DE-1' for internal use
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: copied credentials from "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN.x.DE-1" to "FILE:/tmp/krb5cc_2618_z19391" for the user, destroying "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN.x.DE-1"
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: created v5 ccache 'FILE:/tmp/krb5cc_2618_6d7xJn' for 'f.zimmermann'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_open_session returning 0 (Success)
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: pam_setcred (establish credential) called
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: default/local realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: configured realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: flag: debug
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: flags: forwardable not proxiable
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: flag: no ignore_afs
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: flag: no null_afs
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: flag: user_check
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: flag: no krb4_convert
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: flag: krb4_convert_524
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: flag: krb4_use_as_req
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: will try previously set password first
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: will let libkrb5 ask questions
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: flag: use_shmem
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: flag: external
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: flag: warn
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: minimum uid: 1
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: banner: Kerberos 5
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: ccache dir: /tmp
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: keytab: FILE:/etc/krb5.keytab
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: token strategy: v4,524,2b,rxk5
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: pam_open_session called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: creating v5 ccache for 'f.zimmermann', uid=2618, gid=5001
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: saving v5 credentials to 'MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN.x.DE-2' for internal use
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: copied credentials from "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN.x.DE-2" to "FILE:/tmp/krb5cc_2618_r19403" for the user, destroying "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN.x.DE-2"
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: created v5 ccache 'FILE:/tmp/krb5cc_2618_L3LyAp' for 'f.zimmermann'
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: pam_open_session returning 0 (Success)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: default/local realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: configured realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: debug
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flags: forwardable not proxiable
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no ignore_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no null_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: user_check
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no krb4_convert
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_convert_524
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_use_as_req
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will try previously set password first
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will ask for a password if that fails
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will let libkrb5 ask questions
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: use_shmem
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: external
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: warn
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: minimum uid: 1
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: banner: Kerberos 5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccache dir: /tmp
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: keytab: FILE:/etc/krb5.keytab
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: token strategy: v4,524,2b,rxk5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_close_session called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: afs not running
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: removing ccache 'FILE:/tmp/krb5cc_2618_6d7xJn'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: destroyed v5 ccache for 'f.zimmermann'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_close_session returning 0 (Success)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_setcred (delete credential) called
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: default/local realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: configured realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: debug
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flags: forwardable not proxiable
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no ignore_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no null_afs
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: user_check
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: no krb4_convert
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_convert_524
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: krb4_use_as_req
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will try previously set password first
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: will let libkrb5 ask questions
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: use_shmem
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: external
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: flag: warn
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: minimum uid: 1
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: banner: Kerberos 5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccache dir: /tmp
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: keytab: FILE:/etc/krb5.keytab
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: token strategy: v4,524,2b,rxk5
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_close_session called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: afs not running
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: removing ccache 'FILE:/tmp/krb5cc_2618_mdrqil'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: destroyed v5 ccache for 'f.zimmermann'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_close_session returning 0 (Success)

The file left behind is “/tmp/krb5cc_2618_L3LyAp”. Any hints on how to debug/solve this?

Thanks a lot,

Fabian Zimmermann
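
Added example, not part of the original post: a small Python script that pairs pam_krb5's "created v5 ccache" and "removing ccache" debug lines to list credential caches that were never removed, and counts pam_open_session / pam_close_session calls per sshd PID. The sample input is excerpted from the first log above; the function and variable names are this example's own.

```python
import re
from collections import namedtuple

# Excerpt of the pam_krb5 debug log posted above (session and ccache events only).
SAMPLE_LOG = """\
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_open_session called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: created v5 ccache 'FILE:/tmp/krb5cc_2618_mdrqil' for 'f.zimmermann'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_open_session called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: created v5 ccache 'FILE:/tmp/krb5cc_2618_6d7xJn' for 'f.zimmermann'
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: pam_open_session called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19403]: pam_krb5[19403]: created v5 ccache 'FILE:/tmp/krb5cc_2618_L3LyAp' for 'f.zimmermann'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_close_session called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: removing ccache 'FILE:/tmp/krb5cc_2618_6d7xJn'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: pam_close_session called for 'f.zimmermann', realm 'AD.IN.x.DE'
May 21 15:12:21 mon3 sshd[19391]: pam_krb5[19391]: removing ccache 'FILE:/tmp/krb5cc_2618_mdrqil'
"""

# Syslog prefix written by pam_krb5 when loaded into sshd: "sshd[PID]: pam_krb5[PID]: message"
ENTRY = re.compile(r"sshd\[\d+\]: pam_krb5\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CREATED = re.compile(r"^created v5 ccache 'FILE:(?P<path>[^']+)' for '(?P<user>[^']+)'")
REMOVED = re.compile(r"^removing ccache 'FILE:(?P<path>[^']+)'")
OPENED = re.compile(r"^pam_open_session called for ")
CLOSED = re.compile(r"^pam_close_session called for ")

Orphan = namedtuple("Orphan", "path user pid")


def pam_krb5_events(log_text):
    """Yield (pid, message) for every pam_krb5 line; other sshd lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY.search(line)
        if match:
            yield int(match.group("pid")), match.group("msg")


def find_orphaned_ccaches(log_text):
    """Return ccache files that were created but never removed within the log."""
    live = {}  # path -> Orphan, in creation order
    for pid, msg in pam_krb5_events(log_text):
        created = CREATED.match(msg)
        if created:
            path = created.group("path")
            live[path] = Orphan(path, created.group("user"), pid)
            continue
        removed = REMOVED.match(msg)
        if removed:
            # A removal for a path we never saw created (log starts mid-session) is ignored.
            live.pop(removed.group("path"), None)
    return list(live.values())


def session_balance(log_text):
    """Return {pid: (open_calls, close_calls)} for the pam_krb5 session hooks."""
    balance = {}
    for pid, msg in pam_krb5_events(log_text):
        opened, closed = balance.get(pid, (0, 0))
        if OPENED.match(msg):
            balance[pid] = (opened + 1, closed)
        elif CLOSED.match(msg):
            balance[pid] = (opened, closed + 1)
    return balance


if __name__ == "__main__":
    for orphan in find_orphaned_ccaches(SAMPLE_LOG):
        print("left behind: %s (user %s, created by pid %d)" % orphan)
    for pid, (opened, closed) in sorted(session_balance(SAMPLE_LOG).items()):
        print("pid %d: %d open_session, %d close_session" % (pid, opened, closed))
```

On the excerpt this reports /tmp/krb5cc_2618_L3LyAp, created by PID 19403, which logged one pam_open_session and no pam_close_session, while PID 19391 logged two of each.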

ssh-debug was not enabled (forgot to reload/restart). Here is the full debug log:

May 21 16:06:40 mon3 sshd[5961]: debug3: fd 4 is not O_NONBLOCK
May 21 16:06:40 mon3 sshd[5961]: debug1: Forked child 6371.
May 21 16:06:40 mon3 sshd[5961]: debug3: send_rexec_state: entering fd = 7 config len 516
May 21 16:06:40 mon3 sshd[5961]: debug3: ssh_msg_send: type 0
May 21 16:06:40 mon3 sshd[5961]: debug3: send_rexec_state: done
May 21 16:06:40 mon3 sshd[6371]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
May 21 16:06:40 mon3 sshd[6371]: debug1: inetd sockets after dupping: 3, 3
May 21 16:06:40 mon3 sshd[6371]: Connection from 10.0.0.217 port 45103
May 21 16:06:40 mon3 sshd[6371]: debug1: Client protocol version 2.0; client software version OpenSSH_5.1
May 21 16:06:40 mon3 sshd[6371]: debug1: match: OpenSSH_5.1 pat OpenSSH*
May 21 16:06:40 mon3 sshd[6371]: debug1: Enabling compatibility mode for protocol 2.0
May 21 16:06:40 mon3 sshd[6371]: debug1: Local version string SSH-2.0-OpenSSH_5.1
May 21 16:06:40 mon3 sshd[6371]: debug2: fd 3 setting O_NONBLOCK
May 21 16:06:40 mon3 sshd[6371]: debug2: Network child is on pid 6375
May 21 16:06:40 mon3 sshd[6371]: debug3: preauth child monitor started
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_request_receive entering
May 21 16:06:40 mon3 sshd[6371]: debug3: monitor_read: checking request 0
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_answer_moduli: got parameters: 1024 1024 8192
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_request_send entering: type 1
May 21 16:06:40 mon3 sshd[6371]: debug2: monitor_read: 0 used once, disabling now
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_request_receive entering
May 21 16:06:40 mon3 sshd[6371]: debug3: monitor_read: checking request 4
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_answer_sign
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_answer_sign: signature 0x7f76de7358a0(143)
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_request_send entering: type 5
May 21 16:06:40 mon3 sshd[6371]: debug2: monitor_read: 4 used once, disabling now
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_request_receive entering
May 21 16:06:40 mon3 sshd[6371]: debug3: monitor_read: checking request 6
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_answer_pwnamallow
May 21 16:06:40 mon3 sshd[6371]: debug3: Trying to reverse map address 10.0.0.217.
May 21 16:06:40 mon3 sshd[6371]: debug2: parse_server_config: config reprocess config len 516
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_answer_pwnamallow: sending MONITOR_ANS_PWNAM: 1
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_request_send entering: type 7
May 21 16:06:40 mon3 sshd[6371]: debug2: monitor_read: 6 used once, disabling now
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_request_receive entering
May 21 16:06:40 mon3 sshd[6371]: debug3: monitor_read: checking request 45
May 21 16:06:40 mon3 sshd[6371]: debug1: PAM: initializing for "f.zimmermann"
May 21 16:06:40 mon3 sshd[6371]: debug1: PAM: setting PAM_RHOST to "it-mngt1.in..de"
May 21 16:06:40 mon3 sshd[6371]: debug1: PAM: setting PAM_TTY to "ssh"
May 21 16:06:40 mon3 sshd[6371]: debug2: monitor_read: 45 used once, disabling now
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_request_receive entering
May 21 16:06:40 mon3 sshd[6371]: debug3: monitor_read: checking request 3
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_answer_authserv: service=ssh-connection, style=
May 21 16:06:40 mon3 sshd[6371]: debug2: monitor_read: 3 used once, disabling now
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_request_receive entering
May 21 16:06:40 mon3 sshd[6371]: debug3: monitor_read: checking request 10
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_answer_authpassword: sending result 0
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_request_send entering: type 11
May 21 16:06:40 mon3 sshd[6371]: Failed none for f.zimmermann from 10.0.0.217 port 45103 ssh2
May 21 16:06:40 mon3 sshd[6371]: debug3: mm_request_receive entering
May 21 16:06:42 mon3 sshd[6371]: debug3: monitor_read: checking request 10
May 21 16:06:42 mon3 sshd[6371]: debug3: PAM: sshpam_passwd_conv called with 1 messages
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: default/local realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: configured realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: debug
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flags: forwardable not proxiable
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no ignore_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no null_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: user_check
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no krb4_convert
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_convert_524
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_use_as_req
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will try previously set password first
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will let libkrb5 ask questions
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: use_shmem
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: external
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: warn
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: minimum uid: 1
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: banner: Kerberos 5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccache dir: /tmp
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: keytab: FILE:/etc/krb5.keytab
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: token strategy: v4,524,2b,rxk5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_authenticate called for 'f.zimmermann', realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: authenticating 'f.zimmermann@AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: checking for externally-obtained v5 credentials
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: KRB5CCNAME is not set, none found
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: trying previously-entered password for 'f.zimmermann', allowing libkrb5 to prompt for more
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: authenticating 'f.zimmermann@AD.IN..DE' to 'krbtgt/AD.IN..DE@AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: krb5_get_init_creds_password(krbtgt/AD.IN..DE@AD.IN..DE) returned 0 (Success)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: got result 0 (Success)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: 'f.zimmermann@AD.IN..DE' passes .k5login check for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: saved v5 credentials to shared memory segment 265224193 (creator pid 6371)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: saved v4 credential state to shared memory segment 265256962 (creator pid 6371)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: authentication succeeds for 'f.zimmermann' (f.zimmermann@AD.IN..DE)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_authenticate returning 0 (Success)
May 21 16:06:42 mon3 sshd[6371]: debug1: PAM: password authentication accepted for f.zimmermann
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_answer_authpassword: sending result 1
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_request_send entering: type 11
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_request_receive_expect entering: type 46
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_request_receive entering
May 21 16:06:42 mon3 sshd[6371]: debug1: do_pam_account: called
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: default/local realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: configured realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: debug
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flags: forwardable not proxiable
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no ignore_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no null_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: user_check
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no krb4_convert
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_convert_524
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_use_as_req
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will try previously set password first
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will let libkrb5 ask questions
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: use_shmem
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: external
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: warn
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: minimum uid: 1
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: banner: Kerberos 5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccache dir: /tmp
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: keytab: FILE:/etc/krb5.keytab
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: token strategy: v4,524,2b,rxk5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_acct_mgmt called for 'f.zimmermann', realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: account management succeeds for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: 'f.zimmermann@AD.IN..DE' passes .k5login check for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_acct_mgmt returning 0 (Success)
May 21 16:06:42 mon3 sshd[6371]: debug3: PAM: do_pam_account pam_acct_mgmt = 0 (Success)
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_request_send entering: type 47
May 21 16:06:42 mon3 sshd[6371]: Accepted password for f.zimmermann from 10.0.0.217 port 45103 ssh2
May 21 16:06:42 mon3 sshd[6371]: debug1: monitor_child_preauth: f.zimmermann has been authenticated by privileged process
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_get_keystate: Waiting for new keys
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_request_receive_expect entering: type 24
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_request_receive entering
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_newkeys_from_blob: 0x7f76de798510(122)
May 21 16:06:42 mon3 sshd[6371]: debug2: mac_setup: found hmac-md5
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_get_keystate: Waiting for second key
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_newkeys_from_blob: 0x7f76de741ac0(122)
May 21 16:06:42 mon3 sshd[6371]: debug2: mac_setup: found hmac-md5
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_get_keystate: Getting compression state
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_get_keystate: Getting Network I/O buffers
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_share_sync: Share sync
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_share_sync: Share sync end
May 21 16:06:42 mon3 sshd[6371]: debug1: PAM: establishing credentials
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_setcred (establish credential) called
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: default/local realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: configured realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: debug
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flags: forwardable not proxiable
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no ignore_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no null_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: user_check
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no krb4_convert
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_convert_524
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_use_as_req
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will try previously set password first
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will let libkrb5 ask questions
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: use_shmem
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: external
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: warn
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: minimum uid: 1
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: banner: Kerberos 5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccache dir: /tmp
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: keytab: FILE:/etc/krb5.keytab
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: token strategy: v4,524,2b,rxk5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_open_session called for 'f.zimmermann', realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: removing v5 shared memory segment 265224193 creator pid 6371
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: cleanup function removing shared memory segment 265224193 belonging to process 6371
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: removing v4 shared memory segment 265256962 creator pid 6371
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: cleanup function removing shared memory segment 265256962 belonging to process 6371
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: creating v5 ccache for 'f.zimmermann', uid=2618, gid=5001
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: saving v5 credentials to 'MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN..DE-0' for internal use
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: copied credentials from "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN..DE-0" to "FILE:/tmp/krb5cc_2618_nP6371" for the user, destroying "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN..DE-0"
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: created v5 ccache 'FILE:/tmp/krb5cc_2618_GSkhM3' for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_open_session returning 0 (Success)
May 21 16:06:42 mon3 sshd[6371]: debug3: PAM: opening session
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: default/local realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: configured realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: debug
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flags: forwardable not proxiable
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no ignore_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no null_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: user_check
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no krb4_convert
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_convert_524
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_use_as_req
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will try previously set password first
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will ask for a password if that fails
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will let libkrb5 ask questions
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: use_shmem
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: external
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: warn
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: minimum uid: 1
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: banner: Kerberos 5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccache dir: /tmp
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: keytab: FILE:/etc/krb5.keytab
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: token strategy: v4,524,2b,rxk5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_open_session called for 'f.zimmermann', realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: creating v5 ccache for 'f.zimmermann', uid=2618, gid=5001
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: saving v5 credentials to 'MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN..DE-1' for internal use
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: copied credentials from "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN..DE-1" to "FILE:/tmp/krb5cc_2618_nx6371" for the user, destroying "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN..DE-1"
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: created v5 ccache 'FILE:/tmp/krb5cc_2618_XpaLZ5' for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_open_session returning 0 (Success)
May 21 16:06:42 mon3 sshd[6371]: User child is on pid 6380
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_request_receive entering
May 21 16:06:42 mon3 sshd[6380]: debug1: SELinux support disabled
May 21 16:06:42 mon3 sshd[6380]: debug1: PAM: establishing credentials
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: pam_setcred (establish credential) called
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: default/local realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: configured realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: flag: debug
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: flags: forwardable not proxiable
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: flag: no ignore_afs
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: flag: no null_afs
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: flag: user_check
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: flag: no krb4_convert
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: flag: krb4_convert_524
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: flag: krb4_use_as_req
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: will try previously set password first
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: will let libkrb5 ask questions
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: flag: use_shmem
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: flag: external
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: flag: warn
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: minimum uid: 1
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: banner: Kerberos 5
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: ccache dir: /tmp
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: keytab: FILE:/etc/krb5.keytab
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: token strategy: v4,524,2b,rxk5
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: pam_open_session called for 'f.zimmermann', realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: creating v5 ccache for 'f.zimmermann', uid=2618, gid=5001
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: saving v5 credentials to 'MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN..DE-2' for internal use
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: copied credentials from "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN..DE-2" to "FILE:/tmp/krb5cc_2618_tP6380" for the user, destroying "MEMORY:_pam_krb5_tmp_s_f.zimmermann@AD.IN..DE-2"
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: created v5 ccache 'FILE:/tmp/krb5cc_2618_tgPZh5' for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: pam_open_session returning 0 (Success)
May 21 16:06:42 mon3 sshd[6380]: debug1: permanently_set_uid: 2618/5001
May 21 16:06:42 mon3 sshd[6380]: debug2: set_newkeys: mode 0
May 21 16:06:42 mon3 sshd[6380]: debug2: set_newkeys: mode 1
May 21 16:06:42 mon3 sshd[6380]: debug1: Entering interactive session for SSH2.
May 21 16:06:42 mon3 sshd[6380]: debug2: fd 4 setting O_NONBLOCK
May 21 16:06:42 mon3 sshd[6380]: debug2: fd 6 setting O_NONBLOCK
May 21 16:06:42 mon3 sshd[6380]: debug1: server_init_dispatch_20
May 21 16:06:42 mon3 sshd[6380]: debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
May 21 16:06:42 mon3 sshd[6380]: debug1: input_session_request
May 21 16:06:42 mon3 sshd[6380]: debug1: channel 0: new [server-session]
May 21 16:06:42 mon3 sshd[6380]: debug2: session_new: allocate (allocated 0 max 10)
May 21 16:06:42 mon3 sshd[6380]: debug3: session_unused: session id 0 unused
May 21 16:06:42 mon3 sshd[6380]: debug1: session_new: session 0
May 21 16:06:42 mon3 sshd[6380]: debug1: session_open: channel 0
May 21 16:06:42 mon3 sshd[6380]: debug1: session_open: session 0: link with channel 0
May 21 16:06:42 mon3 sshd[6380]: debug1: server_input_channel_open: confirm session
May 21 16:06:42 mon3 sshd[6380]: debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
May 21 16:06:42 mon3 sshd[6380]: debug1: server_input_channel_req: channel 0 request env reply 0
May 21 16:06:42 mon3 sshd[6380]: debug1: session_by_channel: session 0 channel 0
May 21 16:06:42 mon3 sshd[6380]: debug1: session_input_channel_req: session 0 req env
May 21 16:06:42 mon3 sshd[6380]: debug2: Setting env 0: LANG=de_DE.UTF-8
May 21 16:06:42 mon3 sshd[6380]: debug1: server_input_channel_req: channel 0 request exec reply 1
May 21 16:06:42 mon3 sshd[6380]: debug1: session_by_channel: session 0 channel 0
May 21 16:06:42 mon3 sshd[6380]: debug1: session_input_channel_req: session 0 req exec
May 21 16:06:42 mon3 sshd[6380]: debug2: fd 3 setting TCP_NODELAY
May 21 16:06:42 mon3 sshd[6380]: debug2: fd 12 setting O_NONBLOCK
May 21 16:06:42 mon3 sshd[6380]: debug2: fd 11 setting O_NONBLOCK
May 21 16:06:42 mon3 sshd[6380]: debug2: fd 14 setting O_NONBLOCK
May 21 16:06:42 mon3 sshd[6382]: debug3: Copy environment: KRB5CCNAME=FILE:/tmp/krb5cc_2618_tgPZh5
May 21 16:06:42 mon3 sshd[6382]: debug3: channel 0: close_fds r -1 w -1 e -1 c -1
May 21 16:06:42 mon3 sshd[6380]: debug1: Received SIGCHLD.
May 21 16:06:42 mon3 sshd[6380]: debug1: session_by_pid: pid 6382
May 21 16:06:42 mon3 sshd[6380]: debug1: session_exit_message: session 0 channel 0 pid 6382
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: request exit-status confirm 0
May 21 16:06:42 mon3 sshd[6380]: debug1: session_exit_message: release channel 0
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: write failed
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: close_write
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: send eow
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: output open -> closed
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: read<=0 rfd 12 len 0
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: read failed
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: close_read
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: input open -> drain
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: read 0 from efd 14
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: closing read-efd 14
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: ibuf empty
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: send eof
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: input drain -> closed
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: send close
May 21 16:06:42 mon3 sshd[6380]: debug2: notify_done: reading
May 21 16:06:42 mon3 sshd[6380]: debug3: channel 0: will not send data after close
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: rcvd close
May 21 16:06:42 mon3 sshd[6380]: debug3: channel 0: will not send data after close
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: is dead
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: gc: notify user
May 21 16:06:42 mon3 sshd[6380]: debug1: session_by_channel: session 0 channel 0
May 21 16:06:42 mon3 sshd[6380]: debug1: session_close_by_channel: channel 0 child 0
May 21 16:06:42 mon3 sshd[6380]: debug1: session_close: session 0 pid 0
May 21 16:06:42 mon3 sshd[6380]: debug3: session_unused: session id 0 unused
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: gc: user detached
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: is dead
May 21 16:06:42 mon3 sshd[6380]: debug2: channel 0: garbage collecting
May 21 16:06:42 mon3 sshd[6380]: debug1: channel 0: free: server-session, nchannels 1
May 21 16:06:42 mon3 sshd[6380]: debug3: channel 0: status: The following connections are open:\\r\
  #0 server-session (t4 r0 i3/0 o3/0 fd -1/-1 cfd -1)\\r\

May 21 16:06:42 mon3 sshd[6380]: debug3: channel 0: close_fds r -1 w -1 e -1 c -1
May 21 16:06:42 mon3 sshd[6380]: Connection closed by 10.0.0.217
May 21 16:06:42 mon3 sshd[6380]: debug1: do_cleanup
May 21 16:06:42 mon3 sshd[6380]: debug3: PAM: sshpam_thread_cleanup entering
May 21 16:06:42 mon3 sshd[6380]: Transferred: sent 1768, received 1392 bytes
May 21 16:06:42 mon3 sshd[6380]: Closing connection to 10.0.0.217 port 45103
May 21 16:06:42 mon3 sshd[6380]: debug3: mm_request_send entering: type 58
May 21 16:06:42 mon3 sshd[6371]: debug3: monitor_read: checking request 58
May 21 16:06:42 mon3 sshd[6371]: debug3: mm_answer_term: tearing down sessions
May 21 16:06:42 mon3 sshd[6371]: debug1: PAM: cleanup
May 21 16:06:42 mon3 sshd[6371]: debug1: PAM: closing session
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: default/local realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: configured realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: debug
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flags: forwardable not proxiable
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no ignore_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no null_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: user_check
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no krb4_convert
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_convert_524
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_use_as_req
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will try previously set password first
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will ask for a password if that fails
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will let libkrb5 ask questions
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: use_shmem
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: external
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: warn
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: minimum uid: 1
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: banner: Kerberos 5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccache dir: /tmp
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: keytab: FILE:/etc/krb5.keytab
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: token strategy: v4,524,2b,rxk5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_close_session called for 'f.zimmermann', realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: afs not running
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: removing ccache 'FILE:/tmp/krb5cc_2618_XpaLZ5'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: destroyed v5 ccache for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_close_session returning 0 (Success)
May 21 16:06:42 mon3 sshd[6371]: debug1: PAM: deleting credentials
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_setcred (delete credential) called
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: default/local realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: configured realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: debug
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flags: forwardable not proxiable
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no ignore_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no null_afs
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: user_check
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: no krb4_convert
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_convert_524
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: krb4_use_as_req
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will try previously set password first
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: will let libkrb5 ask questions
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: use_shmem
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: external
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: flag: warn
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ticket lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: renewable lifetime: 86400s (1d,0h,0m,0s)
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: minimum uid: 1
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: banner: Kerberos 5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccache dir: /tmp
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: ccname template: FILE:%d/krb5cc_%U_XXXXXX
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: keytab: FILE:/etc/krb5.keytab
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: token strategy: v4,524,2b,rxk5
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_close_session called for 'f.zimmermann', realm 'AD.IN..DE'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: afs not running
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: removing ccache 'FILE:/tmp/krb5cc_2618_GSkhM3'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: destroyed v5 ccache for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: pam_close_session returning 0 (Success)

The remaining file is: /tmp/krb5cc_2618_tgPZh5
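A log like the one above can be checked mechanically by pairing each `created v5 ccache` line with a later `removing ccache` / `destroyed v5 ccache` pair. The Python below is an added example, not part of the original post; the function name `find_leaked_ccaches` is hypothetical, and `SAMPLE_LOG` holds lines copied from the log above, abridged to the relevant events.

```python
import re

# Message formats as they appear in the pam_krb5 debug output above.
CREATED = re.compile(r"pam_krb5\[(\d+)\]: created v5 ccache 'FILE:([^']+)' for '([^']+)'")
REMOVING = re.compile(r"pam_krb5\[(\d+)\]: removing ccache 'FILE:([^']+)'")
DESTROYED = re.compile(r"pam_krb5\[(\d+)\]: destroyed v5 ccache for ")

# Abridged excerpt of the log in the post (only create/remove events kept).
SAMPLE_LOG = """\
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: created v5 ccache 'FILE:/tmp/krb5cc_2618_GSkhM3' for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: created v5 ccache 'FILE:/tmp/krb5cc_2618_XpaLZ5' for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6371]: User child is on pid 6380
May 21 16:06:42 mon3 sshd[6380]: pam_krb5[6380]: created v5 ccache 'FILE:/tmp/krb5cc_2618_tgPZh5' for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: removing ccache 'FILE:/tmp/krb5cc_2618_XpaLZ5'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: destroyed v5 ccache for 'f.zimmermann'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: removing ccache 'FILE:/tmp/krb5cc_2618_GSkhM3'
May 21 16:06:42 mon3 sshd[6371]: pam_krb5[6371]: destroyed v5 ccache for 'f.zimmermann'
"""


def find_leaked_ccaches(lines):
    """Return the ccache files that were created but never confirmed destroyed."""
    live = {}     # path -> (creator pid, user), in creation order
    pending = {}  # pid -> path announced by "removing ccache", awaiting "destroyed"
    for line in lines:
        m = CREATED.search(line)
        if m:
            pid, path, user = m.groups()
            live[path] = (int(pid), user)
            continue
        m = REMOVING.search(line)
        if m:
            pending[int(m.group(1))] = m.group(2)
            continue
        m = DESTROYED.search(line)
        if m:
            # Only a "destroyed" from the same pid confirms the removal.
            path = pending.pop(int(m.group(1)), None)
            live.pop(path, None)
    return [{"path": p, "pid": pid, "user": user} for p, (pid, user) in live.items()]


if __name__ == "__main__":
    for leak in find_leaked_ccaches(SAMPLE_LOG.splitlines()):
        print("left behind: %(path)s (created by pid %(pid)d for %(user)s)" % leak)
```

On the excerpt this reports `/tmp/krb5cc_2618_tgPZh5`, the one cache created by the user child (pid 6380); both logged removals come from pid 6371 and cover only the two caches that process created itself.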