From owner-freebsd-hackers@freebsd.org  Wed Dec  2 11:02:50 2015
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1F173A3DE4E;
 Wed,  2 Dec 2015 11:02:50 +0000 (UTC)
 (envelope-from joerg@britannica.bec.de)
Received: from mo6-p00-ob.smtp.rzone.de (mo6-p00-ob.smtp.rzone.de
 [IPv6:2a01:238:20a:202:5300::9])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.smtp.rzone.de", Issuer "TeleSec ServerPass DE-2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 90A8512AA;
 Wed,  2 Dec 2015 11:02:48 +0000 (UTC)
 (envelope-from joerg@britannica.bec.de)
X-RZG-AUTH: :JiIXek6mfvEEUpFQdo7Fj1/zg48CFjWjQuEfXeSt/nWoxdY2dvuAIbsw5PvjGQjhWhuTqzG+sku6nCLOwS/GcDYMru/f1Q==
X-RZG-CLASS-ID: mo00
Received: from britannica.bec.de
 (p20030057E21B0F002DDD2AD414CD8739.dip0.t-ipconnect.de
 [IPv6:2003:57:e21b:f00:2ddd:2ad4:14cd:8739])
 by smtp.strato.de (RZmta 37.14 AUTH) with ESMTPSA id j005e7rB2B2iMCK
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp521r1 with
 521 ECDH bits, eq. 15360 bits RSA))
 (Client did not present a certificate);
 Wed, 2 Dec 2015 12:02:44 +0100 (CET)
Date: Wed, 2 Dec 2015 12:02:43 +0100
From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: freebsd-hackers@freebsd.org, hackers@freebsd.org
Subject: Re: NFSv4 details and documentations
Message-ID: <20151202110243.GA17480@britannica.bec.de>
Mail-Followup-To: freebsd-hackers@freebsd.org, hackers@freebsd.org
References: <1162872124.114408327.1449007978859.JavaMail.zimbra@uoguelph.ca>
 <alpine.GSO.1.10.1512020158390.26829@multics.mit.edu>
 <20151202100708.GJ31314@zxy.spb.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20151202100708.GJ31314@zxy.spb.ru>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Dec 2015 11:02:50 -0000

On Wed, Dec 02, 2015 at 01:07:08PM +0300, Slawa Olhovchenkov wrote:
> FreeBSD ssh'd use thread emulations by fork, as result Kerberos token
> got at pam_krb5:auth can't be accessed at pam_krb5:session (for
> writing in /tmp/krb5cc_UID. Recompile with
> -DUNSUPPORTED_POSIX_THREADS_HACK resove this issuse (and I can login
> with kerberos password to host with kerberoized NFSv4 and w/o
> additional kinit or password sshd to another host.

Please try UsePrivilegeSeparation=no instead. The pthread hack should
just die complete.

Joerg