LinuxQuestions.org - pam_krb5.so fails to retreive ticket

Currently I am setting up a group of Linux machines, and I have successfully configured Samba and PAM to authenticate users that login to Linux against the Windows Active Directory of users. Furthermore, Kerberos works to the extent that I can kinit, successfully retrieve a ticket, and smbmount with it. I discovered that typing in the password twice (once for login, another to kinit) became tedious after constant use. However, I just recently discovered that there was a module named pam_krb5.so that supposedly could retrieve a ticket on login. No matter how I tried configuring it, it would not work properly.

The following is /etc/pam.d/login (sans header):

Code:

auth        required      /lib/security/pam_env.so

auth        sufficient    /lib/security/pam_winbind.so

auth        sufficient    /lib/security/pam_unix.so likeauth nullok use_first_pass

auth        required      /lib/security/pam_deny.so

auth            required      /lib/security/pam_krb5.so use_first_pass creds



account    sufficient    /lib/security/pam_winbind.so

account    required      /lib/security/pam_unix.so



password    required      /lib/security/pam_cracklib.so retry=3

password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow

password    required      /lib/security/pam_deny.so



session    required      /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0077

session    required      /lib/security/pam_limits.so

session    required      /lib/security/pam_unix.so

I'm not positive if this is relevant to this module, but when a user logs in, the username format is in DOMAIN+username. However, for kinit to work, the username must be username@DOMAIN.TLD. Would I need additional tweaking to get pam_krb5.so to work?

For those that have experience with this module, am I correct in assuming that it does in fact retrieve a ticket on login? Any help would be greatly appreciated. Thanks in advance.