I've played around with this a bit, and it seems to work as intended. The only odd result I was able to get was with the following sequence of actions:
1. Enable the "krb5" profile.
2. Edit minimum_uid=1000 to some other value (say, 2000) in /etc/pam.d/common-*.
3. Edit minimum_uid=1000 to yet another value (say, 3000) in /usr/share/pam-configs/krb5.
4. pam-auth-update
5. Now, pam_krb5 is being passed e.g. "minimum_uid=3000 try_first_pass minimum_uid=2000".
Step #3 could be considered a foul, but it's a possibility if some PAM-module package gets updated.
Hi Steve,
I've played around with this a bit, and it seems to work as intended. The only odd result I was able to get was with the following sequence of actions:
1. Enable the "krb5" profile.
2. Edit minimum_uid=1000 to some other value (say, 2000) in /etc/pam. d/common- *.
3. Edit minimum_uid=1000 to yet another value (say, 3000) in /usr/share/ pam-configs/ krb5.
4. pam-auth-update
5. Now, pam_krb5 is being passed e.g. "minimum_uid=3000 try_first_pass minimum_uid=2000".
Step #3 could be considered a foul, but it's a possibility if some PAM-module package gets updated.