Public bug reported:
the template file winbind includes a lot of options that should be in
/etc/security/pam_winbind.conf.
Putting options in the template overwrites the option in
/etc/security/pam_winbind.conf,
So, if you want for example to put the krb5cc outside of tmp, you have to
modify the file in /usr/share/pam-configs/,
than call pam-auth-update.
Files in /usr should not be touched by users, so this is not a real solution.
The correct place is /etc, in this case the configuration file
/etc/security/pam_winbind.conf
The file in usr should be like:
Name: Winbind NT/Active Directory authentication
Default: yes
Priority: 192
Auth-Type: Primary
Auth:
[success=end default=ignore] pam_winbind.so try_first_pass
Auth-Initial:
[success=end default=ignore] pam_winbind.so
Account-Type: Primary
Account:
[success=end new_authtok_reqd=done default=ignore] pam_winbind.so
Password-Type: Primary
Password:
[success=end default=ignore] pam_winbind.so use_authtok
try_first_pass
Password-Initial:
[success=end default=ignore] pam_winbind.so
Session-Type: Additional
Session:
optional pam_winbind.so
whereas the file in /etc/security/pam_winbind.conf should be like this to not
change the effective configuration
[global]
krb5_auth=yes
krb5_ccache_type=FILE
cached_login=yes
** Affects: samba (Ubuntu)
Importance: Undecided
Status: New
** Tags: libpam-winbind
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1530929
Title:
/usr/share/pam-configs/winbind should not include krb5_ccache_type or
other options
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1530929/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
