Last night I found out the hard way that if a user creates a .k5login file that isn't correct, (has Windows linebreaks or has multiple pricipal names on the same line) that they cannot login at all to systems using pam-krb5 for authentication. (This is on Ubuntu 6.06 on x86.) Further, no error is listed in the auth.log at all.
Similarly, I've been completely locked out of systems if there are syntax errors in the krb5.conf file and I've seen Windows BSOD if the system krb5.ini isn't correct. Is there no way to have a fail-safe method of operation? Is this an issue with pam-krb5 (I believe that the Debian pam-kr5 is in use on Ubuntu) or with the MIT Kerberos libraries themselves? Is this expected behavior? Or is there a way to be warned about such syntax errors instead of having authentication fail silently? versions of various things are: [EMAIL PROTECTED]:/]% COLUMNS=120 dpkg -l "*krb5*" | cut -c0-54 Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Installed/Config-files/Unpacked/Failed-co |/ Err?=(none)/Hold/Reinst-required/X=both-problems (S ||/ Name Version +++-========================-========================- ii krb5-clients 1.4.3-5ubuntu0.1 ii krb5-config 1.7 ii krb5-user 1.4.3-5ubuntu0.1 ii libkrb5-dev 1.4.3-5ubuntu0.1 ii libkrb53 1.4.3-5ubuntu0.1 ii libpam-krb5 1.2.0-3 ii openafs-krb5 1.4.1-2 Any pointers / info would be appreciated. <<CDC -- Christopher D. Clausen [EMAIL PROTECTED] SysAdmin ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos