https://bugs.kde.org/show_bug.cgi?id=481019
Bug ID: 481019
Summary: kscreenlocker 5.27.10 unable to unlock with pam_krb5
Classification: Plasma
Product: kscreenlocker
Version: git-stable-Plasma/5.27
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
kscreenlocker unlock does not work in combination with pam_krb5
Relevant lines from the journal (sensitive information redacted):
Feb 07 18:07:42 $HOSTNAME kscreenlocker_greet[40929]: pam_krb5(kde:auth): (user
$USER) attempting authentication as USER@REALM
Feb 07 18:07:42 $HOSTNAME kscreenlocker_greet[40929]: pam_krb5(kde:auth): (user
$USER) credential verification failed: Permission denied
Feb 07 18:07:42 $HOSTNAME kscreenlocker_greet[40929]: pam_krb5(kde:auth):
authentication failure; logname=$USER uid=XXXX euid=XXXX tty= ruser= rhost=
Feb 07 18:07:42 $HOSTNAME kscreenlocker_greet[40929]: pam_krb5(kde:auth):
pam_sm_authenticate: exit (failure)
Feb 07 18:07:42 $HOSTNAME kscreenlocker_greet[40929]: pam_unix(kde:auth):
authentication failure; logname= uid=XXXX euid=10236 tty= ruser= rhost=
user=$USER
Feb 07 18:07:45 $HOSTNAME kscreenlocker_greet[40929]: pam_krb5(kde:auth):
pam_sm_authenticate: entry
Our pam common-auth:
auth sufficient pam_krb5.so minimum_uid=10000 debug
auth required pam_unix.so try_first_pass nullok_secure
Note that user homes are on NFS4 with sec=krb5p.
I assume this behaviour was introduced by:
https://invent.kde.org/plasma/kscreenlocker/-/commit/132adacf3d01fc4adf8a873e0debc3adb17972ec
"Cleanup kcheckpass"
setuid root kcheckpass was removed.
How is that supposed to work now?
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 5.27.10-0ubuntu1~ubuntu22.04~ppa1
KDE Plasma Version: 5.27.10
--
You are receiving this mail because:
You are watching all bug changes.
