Russ, this seems to me like it might be a bug in pam_krb5 itself, rather
than in the new PAM config? I see the following code in api-password.c:
if (args->ignore_root || args->minimum_uid > 0) {
status = pam_get_user(pamh, &user, NULL);
if (status == PAM_SUCCESS && pamk5_should_ignore(args, user)) {
pamret = PAM_PERM_DENIED;
goto done;
}
}
So if pam_krb5 "should ignore" the user, the module returns
PAM_PERM_DENIED instead of PAM_IGNORE? Is this the intended behavior?
** Changed in: libpam-krb5 (Ubuntu)
Status: New => Triaged
--
cannot change password
https://bugs.launchpad.net/bugs/334795
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
