** Description changed: Client: Ubuntu 8.04.3; server: Ubuntu 8.04.3 with Heimdal KDC. On the client, the following setup: auth sufficient pam_krb5.so auth requisite pam_ldap.so auth optional pam_krb5_migrate.so debug principal=pam/pam On the server, a "pam/pam" principal with "pam/pam add *" rights. The client reports correctly (i.e. as you would expect): login(pam_krb5_migrate)[24697]: Authenticating as principal pam/pam with keytab /etc/security/pam_krb5.keytab. The server instead reports: - AS-REQ root/ad...@kantoor.openoffice.nl from IPv4:192.168.112.50 for kadmin/ad...@kantoor.openoffice.nl - UNKNOWN -- root/ad...@kantoor.openoffice.nl: No such entry in the database + AS-REQ root/ad...@kerberos.domain from IPv4:xxx.xxx.xxx.xxx for kadmin/ad...@kerberos.domain + UNKNOWN -- root/ad...@kerberos.domain: No such entry in the database Strangely enough, the client seems not to register this, as it doesn't mention the ... "while initializing kadmin interface" error message; instead, it continues with "username [%s] obtained", then mentions 'Unknown code krb5 6 creating principal "usern...@kerberos.domain"'. So the migration does not work. At first, I thought libpam-krb5-migrate-heimdal was at fault all by itself. But when I tried the same package on Ubuntu 9.10, it worked as expected: it got the kadmin/admin principal by logging in as pam/pam, and added the user correctly. I wouldn't know where to look next. This looks like a sort of interfacing problem (why doesn't pam-krb5-migrate.so return an error when there's no root/admin user available?), but I wouldn't know where to look for it.
-- libpam-krb5-migrate-heimdal asks for wrong principal https://bugs.launchpad.net/bugs/488686 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs