"Daniel Richard G." <[email protected]> writes: > At the moment, my PAM-profile override *is* put into place by the same > script that adds the minimum_uid bit to krb5.conf. But that's just a > workaround. I don't need a workaround; I need a fix for this, so that I > can toss the workaround :-)

I guess I'm a bit baffled by why fixing your PAM configuration is a workaround but installing a custom krb5.conf is a desired configuration step. That just isn't how I think about the files. But that's okay, I don't have to understand. :)

> (Incidentally, Russ, Steve... what would you think of asking minimum_uid
> as a debconf question, when initially creating krb5.conf? Other sites
> may want to frob this setting as well.)

It's a weird situation, since krb5-config doesn't know whether you're ever going to care about the Kerberos PAM module. You may be installing a krb5.conf for some other reason entirely.

A strong argument could be made that the whole [appdefaults] thing in krb5.conf is a basically bad idea (particularly since krb5.conf doesn't support file includes) and should not be used to distribute PAM configuration, or any other app-specific configuration. That's part of the reason why it was initially done through the PAM configuration directly, since after all it is configuration for the PAM module, not for the general Kerberos installation on the system.

But despite feeling that at times, I do use [appdefaults] for a bunch of my stuff because it's convenient to have a nice configuration syntax and configuration reading functions built-in, and because a lot of people like to distribute Kerberos settings site-wide through krb5.conf and there are some PAM settings that are really site-wide. (I don't think of minimum_uid as one, but things like renewable lifetime or forwardable tickets are more.)

--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>

--
Why is /usr/share/pam-configs/krb5 specifying minimum_uid= ?
https://bugs.launchpad.net/bugs/369575
