libpam-krb5 is not compiled with realm= option

Bug #48680 reported by Jorge
Affects: libpam-krb5 (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned
Milestone: (none shown)

Bug Description

Binary package hint: libpam-krb5

If you have 2 lines like that in common auth:

auth sufficient pam_krb5.so ccache=/tmp/krb5cc_%u realm=DOM2.COM
auth sufficient pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass realm=DOM1.COM

PAM tries to authenticate the user against the first domain and, if it fails, tries the second domain. It's useful in organizations with multiple domains and allows the user not to need to write <email address hidden> at login prompt.

Besides, if you use <email address hidden> the var user is not valid in other modules like pam_mount.
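
An added example (not part of the original report and not libpam-krb5 code): a Python sketch that reads a stack like the one above, flags later pam_krb5 entries that are expected to prompt for the password again, and models how `sufficient` falls through from one realm to the next. The `KDC` dictionary, its users and passwords are constructed stand-ins for real Kerberos servers, and only one-word control values are handled.

```python
import shlex

# Stack from the report above.
COMMON_AUTH = """\
auth sufficient pam_krb5.so ccache=/tmp/krb5cc_%u realm=DOM2.COM
auth sufficient pam_krb5.so ccache=/tmp/krb5cc_%u use_first_pass realm=DOM1.COM
"""

# Constructed stand-in for the two KDCs: principal -> password.
KDC = {"alice@DOM1.COM": "s3cret", "bob@DOM2.COM": "hunter2"}


def parse_krb5_entries(text):
    """Return the pam_krb5 auth entries as dicts, in stack order."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop PAM comments
        if not line:
            continue
        fields = shlex.split(line)
        if len(fields) < 3 or fields[0] != "auth" or "pam_krb5" not in fields[2]:
            continue
        opts = {}
        for arg in fields[3:]:
            key, _, value = arg.partition("=")
            opts[key] = value
        entries.append({"control": fields[1], "opts": opts})
    return entries


def lint(entries):
    """Flag entries after the first that do not reuse the stored password."""
    issues = []
    for i, e in enumerate(entries[1:], start=2):
        if not {"use_first_pass", "try_first_pass"} & e["opts"].keys():
            issues.append(f"entry {i}: no use_first_pass/try_first_pass")
    return issues


def authenticate(entries, user, password, kdc=KDC):
    """Model 'sufficient': the first realm that accepts wins, failures fall through."""
    for e in entries:
        realm = e["opts"].get("realm")
        if e["control"] == "sufficient" and realm:
            if kdc.get(f"{user}@{realm}") == password:
                return realm
    return None  # outcome is decided by the rest of the stack, not modelled here
```
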

Jerome Haltom (wasabi) wrote :

This is an interesting bug which we'll probably want to have a talk about at some point in regards to the network-authentication spec. We will be seeking to provide a clean UI for the user to join a system to a domain and will want to allow crossrealm authentication. I don't think we want to have the user have to enter a list of alternate realms, but that they should be known automatically. On top of that, new realms added after installation should be considered automatically too.

Manuel Zach (loogaroo) wrote :

I have tested libpam-krb5 in feisty and it seems that "realm=" is supported.
Thanks!

So I guess this bug should be closed.

Andrew Mitchell (ajmitch) wrote :

Alright, thanks for checking that.

Changed in libpam-krb5:
status: Unconfirmed → Fix Released