Description of problem: pam_krb5 only attempts to get a token for the workstation's local cell by default, not the cell containing a user's home directory. Arguably, it should try to get a token for the cell containing the user's home directory, if it differs from the local cell. Version-Release number of selected component (if applicable): Tested on RHEL4, pam_krb5-2.1.2-1 How reproducible: Always Steps to Reproduce: 1. Configure a user with home directory in a different AFS cell than the system's default AFS cell 2. Try to log in with pam_krb5 Actual results: pam_krb5 obtains tokens for the system's default cell, not the cell containing the user's home directory. Expected results: pam_krb5 should obtain a token for the user's home directory in all cases (assuming the home directory in in AFS), else things are not going to work right. Additional info: A patch enhancing pam_krb5 so that it attempts to get a token for the user's home directory (if different from the system's default cell) is available at: http://www-personal.engin.umich.edu/~wingc/patches/pam_krb5/pam_krb5-2.1.2-homecell.patch
Created attachment 114104 [details] pam_krb5: try to get a token in the cell containing the user's home directory
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. Please See https://access.redhat.com/support/policy/updates/errata/ If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.