[Bug 971253] Re: only krb5 results in broken common-passwd

Steve Langasek steve.langasek at canonical.com
Tue Apr 3 16:09:05 UTC 2012 

Ok, this is bug #826989, which is fixed in precise.

libpam-krb5 (4.4-3) unstable; urgency=low

  * Change the pam-auth-update configuration to skip remaining password
    stack by default modules if the Kerberos password change succeeds.
    This is more useful behavior for the common case of Kerberos accounts
    not having local passwords.  See README.Debian.gz for information
    about how to synchronize Kerberos and local passwords.  (LP: #826989)


** Changed in: pam (Ubuntu)
       Status: Incomplete => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/971253

Title:
  only krb5 results in broken common-passwd

Status in “pam” package in Ubuntu:
  Fix Released

Bug description:
  Using pam-auth-update if I select only krb5 for authentication (that
  is, unselect pam_unix and pam_ldap if installed) I get a broken
  passwd-common pam file:

  # here are the per-package modules (the "Primary" block)
  password	requisite			pam_krb5.so minimum_uid=1000
  # here's the fallback if no module succeeds
  password	requisite			pam_deny.so
  # prime the stack with a positive return value if there isn't one already;
  # this avoids us returning an error just because nothing sets a success code
  # since the modules above will each just jump around
  password	required			pam_permit.so
  # and here are more per-package modules (the "Additional" block)
  password	optional	pam_gnome_keyring.so 
  password	optional	pam_ecryptfs.so 
  # end of pam-auth-update config

  The problem here is clearly that pam_deny.so immediately follows
  pam_krb5.so with no "goto" option specified on the pam_krb5.so line to
  skip the pam_deny.so line if it's successful.

  ProblemType: Bug
  DistroRelease: LinuxMint 12
  Package: libpam-runtime 1.1.3-2ubuntu2.1
  ProcVersionSignature: Ubuntu 3.0.0-16.29-generic-pae 3.0.20
  Uname: Linux 3.0.0-16-generic-pae i686
  ApportVersion: 1.23-0ubuntu4
  Architecture: i386
  Date: Mon Apr  2 00:04:36 2012
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_CA.UTF-8
   SHELL=/bin/bash
  SourcePackage: pam
  UpgradeStatus: Upgraded to lisa on 2007-04-05 (1823 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/971253/+subscriptions

More information about the foundations-bugs mailing list