This is the intended behavior of Kerberos. So far as I know, it has always worked this way. I have never seen logins succeed if you have an empty .k5login file. I suspect something else was going on when you thought this used to work (such as having the .k5login file not be readable for some reason).
It would break many systems to have an empty .k5login file still permit logins by principals that happen to match the local account name. -- kerberos requires users to list themselves in .k5login https://bugs.launchpad.net/bugs/116745 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
