On Fri, 24 Sep 2004 16:32:01 -0400, Nalin Dahyabhai <nalin(a)redhat.com> wrote:
> On Fri, Sep 24, 2004 at 04:12:00PM -0400, Rik van Riel wrote:
> > On Fri, 24 Sep 2004, Stephen J Smoogen wrote:
> >
> > > Is having pam_krb5 not kill your login process when you have a local
> > > password and pam_krb5 is listed as optional... a bug or an RFE?
> >
> > Not sure. Nalin ?
> In all seriousness, that depends on what you mean by "kill". Crash?
> Bug. Access denied? If it's a legitimate denial, not a bug because the
> alternative could be far worse.

Ok the original bug was 79853. I don't remember closing it.. but it
looks like I did. I also thought I answered Nalin's question on that
bug.. but I can't find that either.. my apologies Nalin.
To give you an answer, I get a hang that does not return and login
finally kills itself.
What I have been trying to do is get our laptops set up so that they
can get kerberos tickets if they are on the domain, and not to get
them if they are not. The problem is currently most seen in
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_krb5.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_krb5.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_krb5.so
When the laptop is plugged into the network and a local password is
used the access occurs. When I unplug the box but move the settings to
even optional.. it just sits for 2 minutes and login times out.
This is really a RHEL-4/Fedora issue with us as its not working in
RHEL-3 has been a 'reason to use something not so broken' as others
have put it. I have been told that Fedora-Core Beta 2 is showing it
too.. but I have to go through some paperwork to bring up a non-beta
machine on our network. I will know on Monday.
--
Stephen J Smoogen.
Professional System Administrator
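
Added example (not part of the original message, and not pam_krb5 or authconfig code): a small Python model of how libpam walks the stack quoted above, listing which modules are called for a login with a local password. The per-module results in OFFLINE_LOCAL are assumptions, and any failure under a bracketed control is treated as taking its default action.

```python
import re

# Constructed input: the stack quoted in the message, wrapped lines rejoined.
STACK = """\
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so
account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_krb5.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_krb5.so
"""
LINE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")
# The four keyword controls as (action on success, action on failure).
KEYWORDS = {"required": ("ok", "bad"), "requisite": ("ok", "die"),
            "sufficient": ("done", "ignore"), "optional": ("ok", "ignore")}
# Assumed results: local password is valid, the KDC cannot be reached.
OFFLINE_LOCAL = {"pam_env.so": True, "pam_unix.so": True,
                 "pam_limits.so": True, "pam_krb5.so": False}

def parse(text):
    """Return (type, control, module) for each non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            kind, control, path = LINE.match(line).groups()
            entries.append((kind, control, path.rsplit("/", 1)[-1]))
    return entries

def invoked(entries, kind, ok):
    """Modules called, in order, for one stack given per-module results."""
    called, failed = [], False
    for k, control, module in entries:
        if k != kind:
            continue
        called.append(module)
        success = ok.get(module, False)
        if control.startswith("["):
            acts = dict(a.split("=") for a in control[1:-1].split())
            action = acts.get("success" if success else "default", "ignore")
        else:
            action = KEYWORDS[control][0 if success else 1]
        # "die" always ends the stack; "done" ends it only if nothing failed.
        if action == "die" or (action == "done" and not failed):
            break
        failed = failed or action == "bad"
    return called
```

In this model the auth stack stops at pam_unix once the local password succeeds, while the account and session stacks still call pam_krb5.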