Package: libpam-krb5
Version: 2.6-1
Severity: normal
By default, for ssh logins that are authenticated by prompting
for a kerberos password, pam_krb5.so will put user credentials
in /tmp/krb5cc_0, overwriting any existing file by that name,
no matter which user owns the file.
The ccache option is supposed to allow customizing the name of
the credentials file. Regarding that option, the man page
says:
This option can be set in krb5.conf and is only
applicable to the auth and session groups.
This is incorrect -- ccache cannot be set in krb5.conf
Instead, the ccache option must be specified on the pam_krb5.so
command line in /etc/pam.d/common-session as stated in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341926
Presumably the ccache_dir option has the same problem, but I
did not investigate this.
An email associated with bug 341926 mentions updating the NEWS
file to make people aware of this, but I saw no such entry in
the NEWS file or any mention of it in the README files.
Unless the code is modified to match the man page description,
the behavior of the ccache option should be more clearly
documented.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libpam-krb5 depends on:
ii krb 1.16 Configuration files for Kerberos V
ii lib 2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii lib 1.4.4-7etch5 MIT Kerberos runtime libraries
ii lib 0.79-5 Pluggable Authentication Modules l
libpam-krb5 recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
