apt-get install fails post-processing adduser when PAM is configured to use kerberos authentication
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| adduser (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: postgresql-common
apt-get (and in similar fashion aptitude/
In my company, we have a setup where each user signed in through kerberos (winbind). This makes it impossible to add users using adduser on ad hoc basis. It would be proper to let the administrator select what user (service user) should be used or to give the administrator a chance to add this user using the proper tools (in our case, Active Directory).
The following is a snippet of what goes wrong:
chfn: PAM authentication failed
adduser: `/usr/bin/chfn -f PostgreSQL administrator postgres' returned error code 1. Exiting.
This has occured in similar fashion for Apache 2.
I would have expected a prompt or anything to supply the proper user to use in any case when adduser fails.
As adduser fails, it might also cause security vulnerabilities if there is no further action undertaken by the post-processing (such as Apache reverting to use the root user, which in production environments is improper).
| security vulnerability: | yes → no |
| visibility: | private → public |
| Martin Pitt (pitti) wrote | #1 |
| affects: | postgresql-common (Ubuntu) → adduser (Ubuntu) |
I reassing this to adduser, as it's a general problem. However, this is partially a configuration error as well. System users really ought to be local, it makes relatively little sense to maintain them through a central user database IMHO. Anyway, adduser should be more clever about this indeed.