On 6/09/23 22:46, Taylor R Campbell wrote:
> Here's a workaround you could test with no code changes that shouldn't
> break other applications: move /root/.k5login to /etc/k5login.d/root,
> and set
>
> [libdefaults]
>         kuserok = USER-K5LOGIN SYSTEM-K5LOGIN SIMPLE DENY
>
> in /etc/krb5.conf.  Still worth finding a code fix for pam_ksu, but
> you can try this workaround in the mean time.

Just to confirm that the workaround does work.

mark
