[Bug 488686] Re: libpam-krb5-migrate-heimdal asks for wrong principal

Valentijn Sessink valentijn at sessink.nl
Thu Nov 26 12:11:55 UTC 2009 

** Description changed:

  Client: Ubuntu 8.04.3; server: Ubuntu 8.04.3 with Heimdal KDC. On the client, the following setup:
  auth    sufficient      pam_krb5.so
  auth    requisite       pam_ldap.so
  auth    optional        pam_krb5_migrate.so debug principal=pam/pam
  On the server, a "pam/pam" principal with "pam/pam add *" rights.
  
  The client reports correctly (i.e. as you would expect):
  login(pam_krb5_migrate)[24697]: Authenticating as principal pam/pam with keytab /etc/security/pam_krb5.keytab.
  
  The server instead reports:
- AS-REQ root/admin at KANTOOR.OPENOFFICE.NL from IPv4:192.168.112.50 for kadmin/admin at KANTOOR.OPENOFFICE.NL
- UNKNOWN -- root/admin at KANTOOR.OPENOFFICE.NL: No such entry in the database
+ AS-REQ root/admin at KERBEROS.DOMAIN from IPv4:xxx.xxx.xxx.xxx for kadmin/admin at KERBEROS.DOMAIN
+ UNKNOWN -- root/admin at KERBEROS.DOMAIN: No such entry in the database
  
  Strangely enough, the client seems not to register this, as it doesn't
  mention the ... "while initializing kadmin interface" error message;
  instead, it continues with "username [%s] obtained", then mentions
  'Unknown code krb5 6 creating principal "username at KERBEROS.DOMAIN"'.
  
  So the migration does not work.
  
  At first, I thought libpam-krb5-migrate-heimdal was at fault all by
  itself. But when I tried the same package on Ubuntu 9.10, it worked as
  expected: it got the kadmin/admin principal by logging in as pam/pam,
  and added the user correctly.
  
  I wouldn't know where to look next. This looks like a sort of
  interfacing problem (why doesn't pam-krb5-migrate.so return an error
  when there's no root/admin user available?), but I wouldn't know where
  to look for it.

-- 
libpam-krb5-migrate-heimdal asks for wrong principal
https://bugs.launchpad.net/bugs/488686
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list