Your message dated Mon, 20 Jan 2020 18:17:14 -0800
with message-id <[email protected]>
and subject line Re: Bug#698170: libpam-krb5: Default configuration does not
work
has caused the Debian Bug report #698170,
regarding libpam-krb5: Default configuration does not work
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
698170: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698170
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpam-krb5
Version: 4.3-1
Severity: normal
Tags: patch
Using the configuration files as produced by this package fails to login to the
system using kerberos.
A typical auth.log for a kerberos login looks like this:
Jan 14 21:12:56 nfs4 login[5265]: pam_krb5(login:auth): user xxx authenticated
as xxx@XXX
Jan 14 21:12:56 nfs4 login[5265]: Authentication failure
Changing /etc/pam.d/common-account to reflect:
account sufficient pam_krb5.so minimum_uid=1000
account required pam_unix.so
account required pam_permit.so
makes logins based on /etc/shadow and Kerberos successful. I couldn't get both
scenarios running in parallel with any minor change to the config, but I'm
neither a PAM wizard.
-- System Information:
Debian Release: 6.0.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libpam-krb5 depends on:
ii krb5-config 2.2 Configuration files for Kerberos V
ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib
ii libkrb5-3 1.8.3+dfsg-4squeeze6 MIT Kerberos runtime libraries
ii libpam-runtime 1.1.1-6.1+squeeze1 Runtime support for the PAM librar
ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l
libpam-krb5 recommends no packages.
libpam-krb5 suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Cleaning up some old bugs.
Russ Allbery <[email protected]> writes:
> This is documented in /usr/share/doc/libpam-krb5/README.Debian.gz (see
> the part starting with "This configuration will still require that users
> be listed in /etc/shadow").
Since this behavior is documented in README.Debian, including instructions
for how to use a different configuration if desired, I'm going to close
out this bug.
--
Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/>
--- End Message ---
