Hi Daniel,

> Why is /usr/share/pam-configs/krb5 specifying minimum_uid= ?

Because this is the correct default minimum_uid value to use on Ubuntu
systems, where 1000 marks the boundary between system and user accounts,
and this default has not been otherwise specified.

> The problem is that some installations may have the convention of a higher
> minimum UID for Kerberos
> users, and their options are limited to either modifying the number in the
> profile file (a no-no given that
> the file lives in /usr and not /etc), or bypassing the krb5 profile
> altogether (either with a custom profile,
> or direct edits to /etc/pam.d/*).

Well, no, you have two other options:

- edit /etc/pam.d/common-* directly to remove / modify the minimum_uid
  option according to your site's needs (these are config files, and
  pam-auth-update is meant to honor any changes you make to the module
  options - if it fails to do so, that's a bug), or
- provide your own 'krb5-mysite' profile in /usr/share/pam-configs/ and
  use that in place of the default one.

But it would also be reasonable to set this default via appdefaults in
/etc/krb5.conf, which I didn't know was possible - if that were done in
the default krb5.conf, then we could drop the module option from
/usr/share/pam/configs/krb5.

So I'll mark this bug as invalid for pam-krb5, and open a task on
kerberos-configs.

** Changed in: libpam-krb5 (Ubuntu)
       Status: New => Invalid

** Also affects: kerberos-configs (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: kerberos-configs (Ubuntu)
   Importance: Undecided => Low

** Changed in: kerberos-configs (Ubuntu)
       Status: New => Triaged

-- 
Why is /usr/share/pam-configs/krb5 specifying minimum_uid= ?
https://bugs.launchpad.net/bugs/369575
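An added example, not part of the original message or of any Ubuntu package: a small audit helper that reports which minimum_uid pam_krb5 would end up using when the value can come from a module option in /etc/pam.d/common-* or from [appdefaults] in /etc/krb5.conf. It assumes the pam-krb5 behaviour that a PAM module option takes precedence over krb5.conf; the sample file contents and function names are constructed for illustration.

```python
import re

# Constructed sample inputs (illustrative, not copied from a real system).
SAMPLE_COMMON_AUTH = """\
auth  [success=2 default=ignore]  pam_krb5.so minimum_uid=1000
auth  [success=1 default=ignore]  pam_unix.so nullok_secure try_first_pass
auth  requisite                   pam_deny.so
"""
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.COM
[appdefaults]
    pam = {
        minimum_uid = 5000
    }
"""

def pam_module_minimum_uid(pam_text):
    """minimum_uid passed as a pam_krb5.so module option, or None."""
    for raw in pam_text.splitlines():
        line = raw.split("#", 1)[0]          # drop trailing comments
        if "pam_krb5.so" in line:
            m = re.search(r"\bminimum_uid=(\d+)", line)
            if m:
                return int(m.group(1))
    return None

def appdefaults_minimum_uid(krb5_text):
    """minimum_uid from [appdefaults], top level or inside pam = { }, or None.
    Realm-specific sub-blocks are skipped (simplification)."""
    section, stack = None, []
    for raw in krb5_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section, stack = m.group(1), []
        elif section != "appdefaults":
            continue
        elif m := re.fullmatch(r"(\S+)\s*=\s*\{", line):
            stack.append(m.group(1))         # entering "name = {"
        elif line == "}" and stack:
            stack.pop()
        elif (m := re.fullmatch(r"minimum_uid\s*=\s*(\d+)", line)) and stack in ([], ["pam"]):
            return int(m.group(1))
    return None

def effective_minimum_uid(pam_text, krb5_text):
    """Return (value, source); the PAM module option wins over krb5.conf."""
    for value, source in ((pam_module_minimum_uid(pam_text), "pam module option"),
                          (appdefaults_minimum_uid(krb5_text), "krb5.conf [appdefaults]")):
        if value is not None:
            return value, source
    return None, "unset"
```

With the sample inputs the module option (1000) masks the site-wide 5000 in krb5.conf, which is why dropping the option from the profile matters for sites that set a higher boundary centrally.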