"Daniel Richard G." <[email protected]> writes: > I know this isn't a big deal in the larger scheme of things, but it's > the difference between being able to use the stock krb5 profile, and > having to maintain a custom one. (And remember, the current behavior > involves headaches if you have any non-root local users.)
The current behavior does the correct thing if the UID allocation strategy follows Debian policy, including for local users. That's what I mean by not being convinced that the current behavior is wrong. I realize there are sites that have UID allocation strategies that don't follow the Debian guarantees about UID ranges and therefore need to use lower UIDs due to historic allocations, although I'm surprised that those sites would also be interested in using a stock PAM configuration (or, for that matter, a stock krb5.conf). You really don't want pam-krb5 to be willing to authenticate system users just because you have a principal in your local realm named "daemon", and krb5-config never touches an existing krb5.conf file when upgraded, which makes me nervous about removing this setting from the default PAM configuration. This is particularly true in Debian where those accounts have valid shells by default. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- Why is /usr/share/pam-configs/krb5 specifying minimum_uid= ? https://bugs.launchpad.net/bugs/369575 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
