Public bug reported:
When using kerberos login through PAM lxdm will correctly call PAM to
get kerberos credentials. The kerberos credentials, notably the TGT, are
written to the sessions credentials cache in /tmp/krb5cc_${UID}_xxxxxxx.
This credential cache file is deleted by lxdm before starting
/usr/bin/startlxde. The user experience is that although the login
succeeded he can not access any kerberos secured services. This
essentially makes lxdm useless in a kerberos environment.
Doing strace on the lxdm process shows that lxdm processes the login as
expected through PAM which creates the credentials cache. Then lxdm
forks a new process that immediatly reads the credetials file and then
unlinks it, the process than goes on to exec /usr/bin/startlxde.
The result is the same whether using libpam-krb5 or libpam-heimdal
Quick fix: use gdm
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: lxdm 0.4.1-0ubuntu4
ProcVersionSignature: Ubuntu 3.0.0-16.28-generic 3.0.17
Uname: Linux 3.0.0-16-generic i686
NonfreeKernelModules: openafs
ApportVersion: 1.23-0ubuntu4
Architecture: i386
Date: Tue Feb 21 09:26:24 2012
ProcEnviron:
LANGUAGE=en_AG:en
PATH=(custom, no user)
LANG=en_AG
SHELL=/bin/bash
SourcePackage: lxdm
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: lxdm (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug i386 oneiric
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/937602
Title:
lxdm clears kerberos ticket cache on login
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxdm/+bug/937602/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
