Password is ignored on local login, even for root
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
auth-client-config (Ubuntu) |
Invalid
|
Low
|
Unassigned |
Bug Description
Binary package hint: auth-client-config
Hi
I've installed "Ubuntu Server 9.10" + "Openssh Server" + "Kerberos" +"auth-
If I make :
# auth-client-config -a -p kerberos_example
You dont need anymore password to logon locally, root included !!!!!!
Only press "Return" on "Password:" prompt
Kerberos running or not, configurated or not
You can remove pam_krb5.so and problem is the same
I can reset this with :
#auth-
Another symptom, not cleared yet, may be related, message on /var/log/messages
.....login[1236]: Libgcrypt warning: missing initialization - please fix the application
security vulnerability: | yes → no |
visibility: | private → public |
Changed in auth-client-config (Ubuntu): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
Changed in auth-client-config (Ubuntu): | |
assignee: | Jamie Strandboge (jdstrand) → nobody |
status: | New → Invalid |
This bug affects me. To work around it, I do the following:
- Run sudo auth-client-config -a -p kerberos_example d/common- auth to use the attached file. d/substack- kerberos- unix based on the attached file.
- Change /etc/pam.
- Create /etc/pam.
These files are under GPL v2 of the License, or (at your option) any later version.
Note that it is essential to not simply drop substack- kerberos- unix into common-auth as this prevents later authentication modules from running (which, e.g., sshd relies on).
These files (or something similar) should be integrated into /etc/auth- client- config/ profile. d/acc-default .