Ryan Underwood <[EMAIL PROTECTED]> writes: > Package: libpam-krb5 > Version: 1.0-12 > Severity: normal
> In the circumstance where krb5_init_context() and friends fail, perhaps > due to a missing krb5.conf, pam_krb5 should simply fail onto the next > modules in the stack when it is not 'required'. Currently, it aborts > the stack entirely, so if krb5.conf is not accessible for some reason, > it is impossible to log in at all, making it rather difficult to repair > the situation. I don't know if this is a problem with PAM itself or > with pam_krb5, so feel free to reassign as necessary. I can't duplicate this. Using a configuration of: auth sufficient pam_krb5.so auth required pam_unix.so nullok_secure in /etc/pam.d/common-auth, I can move aside /etc/krb5.conf and all that happens is that login drops through immediately to pam_unix. I can make guesses as to what return codes might work better, but everything seems fine with login. What PAM-enabled program is aborting the whole authentication in this case? -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
