Thomas Schweikle <1852...@bugs.launchpad.net> writes:

> Looks like set [appdefaults] for pam are ignored by pam_krb5.so:

> [appdefaults]
>  forwardable = true
>  noaddresses = true
>  proxiable = true
>  pam = {
>   minimum_uid = 1000
>   alt_auth_map=root/%s
>   ccache_dir = /tmp/krb5cc
>   ccache = DIR:/tmp/krb5cc/%u_XXXXXX
>  }

> I'd expect this to create

> /tmp/krb5cc/1000_NvfDse

> but:

> /tmp/krb5cc_<uid> is used.

> Same if I add these options to

> -rw-r--r-- 1 root root 1360 Nov 18 12:25 /etc/pam.d/common-account
> -rw-r--r-- 1 root root 1383 Nov 18 12:24 /etc/pam.d/common-auth
> -rw-r--r-- 1 root root 1690 Nov 18 12:25 /etc/pam.d/common-password
> -rw-r--r-- 1 root root 1675 Nov 18 12:25 /etc/pam.d/common-session
> -rw-r--r-- 1 root root 1483 Nov 18 12:26 /etc/pam.d/common-session-noninteractive

I'm pretty sure this means that either pam_krb5 is not running or is using
some other configuration.  It seems unlikely that it's just ignoring
option settings.

Are you running some other Kerberos-aware PAM module (such as sssd) that
might be setting up the ticket cache instead?

Adding debug to the end of the pam_krb5.so options will produce more
verbose logging.  If you don't see any additional logging at DEBUG level
in syslog, that means that the module isn't running at all.

-- 
Russ Allbery (r...@debian.org)              <https://www.eyrie.org/~eagle/>

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1852997

Title:
  /etc/krb5.conf options seem to be ignored by pam_krb5.so
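
A way to check both possibilities raised in the reply above (an added example, not part of the original thread or of pam_krb5): scan a PAM stack for Kerberos-aware modules and report whether pam_krb5.so is present and whether it has `debug` set. The module list, the function names and the sample stack are assumptions constructed for illustration.

```python
import re
import sys

# Modules that can set up a Kerberos ticket cache at login. This list is an
# assumption for the example; extend it to match what is installed locally.
KRB_MODULES = ("pam_krb5.so", "pam_sss.so")

# Constructed sample in the style of /etc/pam.d/common-auth (not from the bug).
SAMPLE = """\
auth [success=3 default=ignore] pam_unix.so nullok
auth [success=2 default=ignore] pam_sss.so use_first_pass
auth [success=1 default=ignore] pam_krb5.so minimum_uid=1000 try_first_pass
auth requisite pam_deny.so
auth required pam_permit.so
"""

def scan_pam(text):
    """Return (module, type, options) for each Kerberos-aware module line."""
    hits = []
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        # Fields: type, control (word or [bracketed list]), module, options
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if not m:
            continue  # blank line, @include, or not a module line
        mtype, _control, module, opts = m.groups()
        name = module.rsplit("/", 1)[-1]  # module may be given as a full path
        if name in KRB_MODULES:
            hits.append((name, mtype, opts.split()))
    return hits

def diagnose(text):
    """List reasons the pam_krb5 settings might appear to be ignored."""
    hits = scan_pam(text)
    findings = []
    if "pam_krb5.so" not in {name for name, _, _ in hits}:
        findings.append("pam_krb5.so is not in this stack")
    for name, mtype, opts in hits:
        if name != "pam_krb5.so":
            findings.append(f"{mtype}: {name} may set up the ticket cache instead")
        elif "debug" not in opts:
            findings.append(f"{mtype}: pam_krb5.so has no debug option")
    return findings

if __name__ == "__main__":
    # Pass PAM file paths as arguments, or run with none to use the sample.
    texts = [open(p).read() for p in sys.argv[1:]] or [SAMPLE]
    for text in texts:
        print("\n".join(diagnose(text)) or "no findings")
```

Run it against each of the `/etc/pam.d/common-*` files listed in the report; an empty result for a file means pam_krb5.so is the only Kerberos-aware module there and already has `debug` set.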
