On Mon, Jun 08, 2009 at 11:32:18PM +0200, Mike Massonnet wrote:
> Hello,
>
> I just uploaded a package[1] that includes the patch that is said to
> work for logins with pam_krb5. Can you please install it and let me
> know?
It does create a valid ticket cache, but it is broken in a different way:
wou...@celtic:~$ klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: wou...@grep.be
Valid starting Expires Service principal
06/09/09 00:16:24 06/09/09 10:16:24 krbtgt/grep...@grep.be
renew until 06/10/09 00:15:55
wou...@celtic:~$
As you can see, the ticket cache is now not empty anymore.
However, the name of the ticket cache is now wrong. Rather than it being
something like "FILE:/tmp/krb5cc_2000_zRkrLc" (as I'd expect, given how
my uid is 2000 and the ticket cache is created by the pam module), the
ticket cache is now called krb5cc_0 instead, which is supposed to be
reserved for the root user.
This will wreak havoc on a multi-user system.
Not quite there yet, I'd say.
--
The biometric identification system at the gates of the CIA headquarters
works because there's a guard with a large gun making sure no one is
trying to fool the system.
http://www.schneier.com/blog/archives/2009/01/biometrics.html
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
