Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Bad: Doesn't work|
|Product:||[Fedora] Fedora||Reporter:||Travis Groth <lists>|
|Component:||pam_krb5||Assignee:||Nalin Dahyabhai <nalin>|
|Status:||CLOSED NOTABUG||QA Contact:||Brian Brock <bbrock>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2005-10-02 23:53:02 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Travis Groth 2005-06-19 14:50:20 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4 Description of problem: Doesn't appear to do *anything*. I've manually dropped /etc/pam.d/gdm in from my FC3 install, and I get an authentication failure before I even enter my password. It fails on the username. Ditto if i use authconfig to add the kerberos line. I've played with pam_krb5.so in system config and several other places. If it is before pam_unix.so (not the default), it fails despite kinit having no issues and this same pam file working in FC3. If I put it after the pam_unix.so entry, it auths via pam_unix and goes on it's merry way, never obtaining a kerberos ticket like it's supposed to. My best technical guess is a bug in the version of pam_krb5.so where it throws auth failures early or every time. This needs to be fixed ASAP. Version-Release number of selected component (if applicable): pam_krb5-2.1.7-3 How reproducible: Always Steps to Reproduce: 1. Try to use pam_krb5.so for authentication and aquisition of initial kerberos ticket 2. 3. Actual Results: Throws an auth failure to pam before prompting for a password. Expected Results: Wait for password before throwing either success or failure to pam, then obtain a kerberos ticket if there is success. Additional info: I'm classifying this as "Security" to get additional attention. On any centralized network this bug totally renders kerberos authentication useless. With this bug, FC4 is completely unusable on many corporate and acedemic networks which depend on kerberos. It must be fixed immediately.
Comment 1 Travis Groth 2005-06-27 03:02:59 EDT
Without additional tweaking from myself pam_krb5 suddenly auths properly and grants me a kerberos ticket. I don't know what voodoo charm did it, but this seems to be solved now.
Comment 2 John Mahowald 2005-10-02 23:53:02 EDT