libpam-krb5 is not compiled with realm= option
Bug #48680 reported by
Jorge
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libpam-krb5 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: libpam-krb5
If you have 2 lines like that in common auth:
auth sufficient pam_krb5.so ccache=
auth sufficient pam_krb5.so ccache=
Pam tries tu auhenticate user against first domain and if it fails tries second domain. It's useful in organizations with multiple domains and allows the user not to need to write <email address hidden> at login prompt.
Besides, if you use <email address hidden> the var user is not valid in other modules like pam_mount.
To post a comment you must log in.
This is an interesting bug which we'll probably want to have a talk about at some point in regards to the network- authentication spec. We will be seeking to provide a clean UI for the user to join a system to a domain and will want to allow crossrealm authentication. I don't think we want to have the user have to enter a list of alternate realms, but that they should be known automatically. On top of that, new realms added after installation should be considered automatically too.