diff --git a/.github/workflows/pamtester.yml b/.github/workflows/pamtester.yml
new file mode 100644
index 0000000..ec0171d
--- /dev/null
+++ b/.github/workflows/pamtester.yml
@@ -0,0 +1,20 @@
+---
+name: pamtester run of pam_krb5_cc_move
+on: [push]
+jobs:
+ pamtester:
+ runs-on: ubuntu-latest
+ steps:
+ - run: sudo apt install pamtester gcc make libpam-dev libkrb5-dev krb5-user krb5-k5tls
+ - uses: actions/checkout@v4
+ - run: make
+ - run: sudo make install INSTALLDIR=/usr/lib/x86_64-linux-gnu/security
+ - run: sudo cp pamtester/krb5_cc_move /etc/pam.d/krb5_cc_move
+ - run: cp pamtester/expired_kerberos_token /tmp/source
+ - run: klist -f /tmp/source
+ - run: sudo adduser testuser
+ - run: sudo chown testuser /tmp/source
+ - run: sudo pamtester -v krb5_cc_move testuser open_session
+ - run: journalctl -n 50
+ - run: ls -l /tmp/destination
+ - run: sudo -u testuser klist -f /tmp/destination
diff --git a/pamtester/expired_kerberos_token b/pamtester/expired_kerberos_token
new file mode 100644
index 0000000..3cdf6e2
Binary files /dev/null and b/pamtester/expired_kerberos_token differ
diff --git a/pamtester/krb5.conf b/pamtester/krb5.conf
new file mode 100644
index 0000000..e97b6f1
--- /dev/null
+++ b/pamtester/krb5.conf
@@ -0,0 +1,25 @@
+# This file is managed by Puppet. DO NOT EDIT.
+includedir /etc/krb5.conf.d
+
+[libdefaults]
+ default_realm = CERN.CH
+ default_ccache_name = KCM:
+ default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha1-96 aes128-cts-hmac-sha256-128
+ allow_weak_crypto = true
+ dns_canonicalize_hostname = true
+ ticket_lifetime = 25h
+ renew_lifetime = 120h
+ forwardable = true
+ proxiable = true
+ rdns = false
+
+[realms]
+ CERN.CH = {
+ default_domain = cern.ch
+ admin_server = cerndc.cern.ch
+ kdc = cerndc.cern.ch
+ }
+
+[domain_realm]
+ CERN.CH = .cern.ch
+
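Review bot: The workflow has no `permissions:` key, so the `pamtester` job gets whatever default GITHUB_TOKEN scope the repository is configured with, although its steps only build and test locally; a top-level `permissions:` with `contents: read` under it would pin the token to read-only. `actions/checkout@v4` is a movable tag, and pinning it as `uses: actions/checkout@<full-commit-sha> # v4` (placeholder, take the SHA from the action's release) fixes the code that runs with that token. The `cp pamtester/expired_kerberos_token /tmp/source` step relies on a credential cache committed as a binary; a ccache carries the principal name and ticket material, so it should be confirmed to come from a throwaway principal and to be past its renewable lifetime. `sudo apt install …` and `sudo adduser testuser` are run without `-y` and without `--disabled-password --gecos ""`, and may stop at a prompt on a runner with no terminal.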
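Review bot: `allow_weak_crypto = true` in `[libdefaults]` lets the Kerberos library accept legacy encryption types, which the AES-only `default_tkt_enctypes` line suggests the test does not need; unless the fixture ticket depends on it, `allow_weak_crypto = false` is the safer value to check in. The `[domain_realm]` entry is written realm-first (`CERN.CH = .cern.ch`), whereas that section maps a DNS domain to a realm, i.e. `.cern.ch = CERN.CH`. No step in the workflow added by this commit copies or references `pamtester/krb5.conf`, so it appears unused as committed; if it is meant as a fixture, replacing the "managed by Puppet" header with a comment saying so and noting that CI must not contact `cerndc.cern.ch` would make its role clear.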