Your message dated Sat, 29 Dec 2007 06:17:03 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#452592: fixed in libpam-krb5 3.10-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: libpam-krb5 Version: 2.6-1 Severity: normal Removing my guest-user from /etc/shadow and making all the pam-changes as stated in /usr/share/doc/libpam-krb5/README.Debian gives me: [EMAIL PROTECTED]:~$ su guest Password: su: Authentication service cannot retrieve authentication info. Sorry. [EMAIL PROTECTED]:~$ local syslog: calvin su[5997]: pam_acct_mgmt: Authentication service cannot retrieve authentication info. On the kerberos server: gw krb5kdc[6574]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.10: NEEDED_PREAUTH: [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED], Additional pre-authentication required gw krb5kdc[6574]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.0.10: ISSUE: authtime 1195849946, etypes {rep=16 tkt=16 ses=16}, [EMAIL PROTECTED] for krbtgt/[EMAIL PROTECTED] However, changing /etc/pam.d/common-account to account sufficient pam_krb5.so minimum_uid=1000 account required pam_unix.so makes su and all other pam-services work (ssh, login, etc.) My understanding is that kerberos-authentication should replace local authentication or am I getting this all wrong? At least a few words explaining that would be helpful for admins new to kerberos and pam ;-) Thanx! -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-k7 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages libpam-krb5 depends on: ii krb5-con 1.16 Configuration files for Kerberos V ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries ii libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library ii libkrb53 1.4.4-7etch4 MIT Kerberos runtime libraries ii libpam0g 0.79-4 Pluggable Authentication Modules l libpam-krb5 recommends no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: libpam-krb5 Source-Version: 3.10-1 We believe that the bug you reported is fixed in the latest version of libpam-krb5, which is due to be installed in the Debian FTP archive: libpam-krb5_3.10-1.diff.gz to pool/main/libp/libpam-krb5/libpam-krb5_3.10-1.diff.gz libpam-krb5_3.10-1.dsc to pool/main/libp/libpam-krb5/libpam-krb5_3.10-1.dsc libpam-krb5_3.10-1_i386.deb to pool/main/libp/libpam-krb5/libpam-krb5_3.10-1_i386.deb libpam-krb5_3.10.orig.tar.gz to pool/main/libp/libpam-krb5/libpam-krb5_3.10.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Russ Allbery <[EMAIL PROTECTED]> (supplier of updated libpam-krb5 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 28 Dec 2007 21:56:26 -0800 Source: libpam-krb5 Binary: libpam-krb5 Architecture: source i386 Version: 3.10-1 Distribution: unstable Urgency: low Maintainer: Russ Allbery <[EMAIL PROTECTED]> Changed-By: Russ Allbery <[EMAIL PROTECTED]> Description: libpam-krb5 - PAM module for MIT Kerberos Closes: 452592 Changes: libpam-krb5 (3.10-1) unstable; urgency=low . * New upstream release. - If no_ccache is set, don't fail if we can't find module data. - Better error handling when reading keytabs. * Document in README.Debian that accounts must still exist in /etc/shadow when following the standard configuration and suggest an alternate configuration when that isn't appropriate. Thanks, Raoul Borenius. (Closes: #452592) * No longer build-depend on comerr-dev, since the module no longer links to it directly. * Update standards version to 3.7.3 (no changes required). Files: f7bbcae697dad3d026ba5b6db05035d3 696 net optional libpam-krb5_3.10-1.dsc 6ec6bd6637f8c91bf5386ed95fa975ba 156259 net optional libpam-krb5_3.10.orig.tar.gz 8410a476370eabb13a9b3bfa3202503d 10869 net optional libpam-krb5_3.10-1.diff.gz 6fe5beb04a9c41b3375a88d83477ad92 76522 net optional libpam-krb5_3.10-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHdeKI+YXjQAr8dHYRAmawAJ4s7aldrg4YaTlcqjsTtkBGRRoq8QCfVLMt QmmEzd634cVb/2nZKB4ia60= =ttrf -----END PGP SIGNATURE-----
--- End Message ---
