Public bug reported:
Binary package hint: libpam-afs-session
Using libpam-afs-session 1.7-2 on x86_64 version of Ubuntu 10.04.1
When I have this module in my PAM stack and I authenticate as a user
with an AFS identity (and get a token), I get added to a group that
doesn't exist, as reported by the id and groups commands:
$ id
uid=648(taft) gid=200(bioinf)
groups=200(bioinf),2693(csbio),2694(csbioadm),1103439836
$ groups
bioinf csbio csbioadm groups: cannot find name for group ID 1103439836
1103439836
1103439836 is not a group (or gid number of a group) that is defined
anywhere on my system. If I comment out pam_afs_session.so from the
common pam stack files, I don't see this behavior.
Since the default Ubuntu /etc/bash.bashrc file runs the groups command,
every time that I login as a user with an AFS identity, I get the above
error message (groups: cannot find name for group ID 1103439836) before
my first shell prompt.
Note that the number of the non-existent group is not always the same.
The files in /etc/pam.d on this system are:
common-account
account [success=2 new_authtok_reqd=done default=ignore] pam_unix.so
account [success=1 default=ignore] pam_ldap.so
account requisite pam_deny.so
account required pam_permit.so
account required pam_krb5.so minimum_uid=200
common-auth
auth [success=3 default=ignore] pam_krb5.so minimum_uid=200
auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_ldap.so use_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_afs_session.so
auth optional pam_cap.so
common-password
password requisite pam_cracklib.so retry=3
minlen=8 difok=3
password requisite pam_krb5.so minimum_uid=200
try_first_pass use_authtok
password [success=2 default=ignore] pam_unix.so obscure use_authtok
try_first_pass sha512
password [success=1 user_unknown=ignore default=die] pam_ldap.so
use_authtok try_first_pass
password requisite pam_deny.so
password required pam_permit.so
password optional pam_gnome_keyring.so
common-session
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_krb5.so minimum_uid=200
session required pam_unix.so
session optional pam_ldap.so
session optional pam_afs_session.so
session optional pam_ck_connector.so nox11
common-session-noninteractive
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session optional pam_krb5.so minimum_uid=200
session required pam_unix.so
session optional pam_ldap.so
session optional pam_afs_session.so
** Affects: libpam-afs-session (Ubuntu)
Importance: Undecided
Status: New
--
libpam-afs-session gives user membership in nonexistant group
https://bugs.launchpad.net/bugs/670789
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
