[Bug 971253] Re: only krb5 results in broken common-passwd

Brian J. Murrell brian at interlinx.bc.ca
Tue Apr 3 10:37:41 UTC 2012 

AFAIK, the /usr/share/pam-configs/krb5 I have here is unmodified from
libpam-krb5-4.4-1ubuntu1.  The contents of the file are:

Name: Kerberos authentication
Default: yes
Priority: 704
Conflicts: krb5-openafs
Auth-Type: Primary
Auth:
	[success=end default=ignore]	pam_krb5.so minimum_uid=1000 try_first_pass
Auth-Initial:
	[success=end default=ignore]	pam_krb5.so minimum_uid=1000
Account-Type: Additional
Account:
	required			pam_krb5.so minimum_uid=1000
Password-Type: Primary
Password:
	requisite			pam_krb5.so minimum_uid=1000 try_first_pass use_authtok
Password-Initial:
	requisite			pam_krb5.so minimum_uid=1000
Session-Type: Additional
Session:
	optional			pam_krb5.so minimum_uid=1000

Is there a way to ask apt/dpkg if a resident file has been modified from
it's original, like rpm -V does?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/971253

Title:
  only krb5 results in broken common-passwd

Status in “pam” package in Ubuntu:
  Incomplete

Bug description:
  Using pam-auth-update if I select only krb5 for authentication (that
  is, unselect pam_unix and pam_ldap if installed) I get a broken
  passwd-common pam file:

  # here are the per-package modules (the "Primary" block)
  password	requisite			pam_krb5.so minimum_uid=1000
  # here's the fallback if no module succeeds
  password	requisite			pam_deny.so
  # prime the stack with a positive return value if there isn't one already;
  # this avoids us returning an error just because nothing sets a success code
  # since the modules above will each just jump around
  password	required			pam_permit.so
  # and here are more per-package modules (the "Additional" block)
  password	optional	pam_gnome_keyring.so 
  password	optional	pam_ecryptfs.so 
  # end of pam-auth-update config

  The problem here is clearly that pam_deny.so immediately follows
  pam_krb5.so with no "goto" option specified on the pam_krb5.so line to
  skip the pam_deny.so line if it's successful.

  ProblemType: Bug
  DistroRelease: LinuxMint 12
  Package: libpam-runtime 1.1.3-2ubuntu2.1
  ProcVersionSignature: Ubuntu 3.0.0-16.29-generic-pae 3.0.20
  Uname: Linux 3.0.0-16-generic-pae i686
  ApportVersion: 1.23-0ubuntu4
  Architecture: i386
  Date: Mon Apr  2 00:04:36 2012
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_CA.UTF-8
   SHELL=/bin/bash
  SourcePackage: pam
  UpgradeStatus: Upgraded to lisa on 2007-04-05 (1823 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/971253/+subscriptions

More information about the foundations-bugs mailing list