Thomas Schweikle <[email protected]> writes:
> Looks like set [appdefaults] for pam are ignored by pam_krb5.so:
> [appdefaults]
> forwardable = true
> noaddresses = true
> proxiable = true
> pam = {
> minimum_uid = 1000
> alt_auth_map=root/%s
> ccache_dir = /tmp/krb5cc
> ccache = DIR:/tmp/krb5cc/%u_XXXXXX
> }
> I'd expect this to create
> /tmp/krb5cc/1000_NvfDse
> but:
> /tmp/krb5cc_<uid> is used.
> Same if I add these options to
> -rw-r--r-- 1 root root 1360 Nov 18 12:25 /etc/pam.d/common-account
> -rw-r--r-- 1 root root 1383 Nov 18 12:24 /etc/pam.d/common-auth
> -rw-r--r-- 1 root root 1690 Nov 18 12:25 /etc/pam.d/common-password
> -rw-r--r-- 1 root root 1675 Nov 18 12:25 /etc/pam.d/common-session
> -rw-r--r-- 1 root root 1483 Nov 18 12:26
> /etc/pam.d/common-session-noninteractive
I'm pretty sure this means that either pam_krb5 is not running or is using
some other configuration. It seems unlikely that it's just ignoring
option settings.
Are you running some other Kerberos-aware PAM module (such as sssd) that
might be setting up the ticket cache instead?
Adding debug to the end of the pam_krb5.so options will produce more
verbose logging. If you don't see any additional logging at DEBUG level
in syslog, that means that the module isn't running at all.
--
Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/>
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1852997
Title:
/etc/krb5.conf options seem to be ignored by pam_krb5.so
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-krb5/+bug/1852997/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
