Red Hat Bugzilla – Full Text Bug Listing
|Summary:||RFE: Implement V5->V4 credential conversion using "external" in pam_krb5|
|Product:||[Fedora] Fedora||Reporter:||Jon Fautley <jfautley>|
|Component:||pam_krb5||Assignee:||Nalin Dahyabhai <nalin>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Brian Brock <bbrock>|
|Fixed In Version:||2.2.9-1||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2007-07-19 17:04:59 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
Description Jon Fautley 2006-02-21 05:49:02 EST
Implement V5->V4 credential cache conversion in pam_krb5 when using the "external" option so they can forward v4 credentials to their AFS server. This is for the 2.2-branch of the pam_krb5 module.
Comment 1 Nalin Dahyabhai 2006-02-23 14:04:59 EST
This should be implemented in pam_krb5 2.2.7 and later. Closing with resolution RAWHIDE even if it won't be there just yet due to the FC5 freeze.
Comment 2 Jan Iven 2006-04-25 04:16:56 EDT
This feature does not quite work as expected yet for the case where the K5 principal does not match the local account name. In this case, the "converted" credentials (Krb4 and AFS) are obtained for the local account principal and are nonfunctional. Easy example: "ssh root@machine" ends up with a (nonworking) Krb4 TGT for root@REALM instead of the converted user@REALM. Appears to be due to mixing info from the krb5 "stash" with the "userinfo" converted principal after an existing Krb5 ccache is read back. Please reopen.. Thanks Jan
Comment 3 Jan Iven 2006-04-25 10:23:52 EDT
Created attachment 128204 [details] proposed patch proposed patch that overrides the userinfo->principal when reading in an "external" KRB5CCNAME.
Comment 8 Jon Fautley 2006-11-01 06:27:10 EST
Looking through the changelog for pam_krb5 in FC6, this was fixed as of 2.2.9-1 - shouldn't this BZ be closed now? :) Cheers, /j
Comment 9 Nalin Dahyabhai 2007-07-19 17:04:59 EDT
Er, yes, it should. Closing.