> I guess I'm a bit baffled by why fixing your PAM configuration is a workaround but installing a custom krb5.conf is a desired configuration step.
krb5.conf is a config file under /etc. That's the ideal place to make configuration changes. As it is, right now, adding the minimum_uid bit involves just appending a few lines to the file---it doesn't get much simpler than that. > It's a weird situation, since krb5-config doesn't know whether you're ever going to care about the Kerberos PAM module. You may be installing a krb5.conf for some other reason entirely. Yeah, that's true. It's like with LDAP; my site uses LDAP for "ls -l", ~user lookups et al., but not for authentication. Still, having it in debconf may be convenient enough for sites that use pam_krb5, to be worth the "this setting only has an effect if ..." qualifier for sites that don't. Though I haven't made much use of [appdefaults] myself (just for the PAM module), I've never seen a philosophical problem with it, since all the settings there would relate to Kerberos anyway---it just comes down to making the admin's job easier. Splitting them out elsewhere might be more pedantically correct, but... For that matter, has there been any talk on a better way doing krb5.conf, like doing a /etc/krb5.conf.d/ or a krb5-auth-update(8) or the like? With all that's been said here about the limitations of the file and how it's structured/managed, it seems like this is a problem that's crying out for a solution. -- Why is /usr/share/pam-configs/krb5 specifying minimum_uid= ? https://bugs.launchpad.net/bugs/369575 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to kerberos-configs in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs