minimum_uid in krb5.conf, and ignore_root in .../pam-configs/krb5 sounds like a good way to go. For sites that distribute a global krb5.conf, they can always add the minimum_uid option if they like---if it's not already there, the distribution is likely passing that in as a PAM module option anyway (whether via pam-auth-update or otherwise).
For now, I guess I'll have to go with the custom krb5-mysite profile option. (Editing /etc/pam.d/common-* is possible, and indeed honored by pam-auth-update, but then you lose the whole benefit of being able to generate the config with a checklist. From an administrative standpoint, that's a *major* price to pay.) -- Why is /usr/share/pam-configs/krb5 specifying minimum_uid= ? https://bugs.launchpad.net/bugs/369575 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to kerberos-configs in ubuntu. -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
