Bug 161010 - Bad: Doesn't work
Summary: Bad: Doesn't work
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: pam_krb5
Version: 4
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-06-19 18:50 UTC by Travis Groth
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-10-03 03:53:02 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Travis Groth 2005-06-19 18:50:20 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

Description of problem:
Doesn't appear to do *anything*.  I've manually dropped /etc/pam.d/gdm in from my FC3 install, and I get an authentication failure before I even enter my password.  It fails on the username.  Ditto if i use authconfig to add the kerberos line.  I've played with pam_krb5.so in system config and several other places.  If it is before pam_unix.so (not the default), it fails despite kinit having no issues and this same pam file working in FC3.  If I put it after the pam_unix.so entry, it auths via pam_unix and goes on it's merry way, never obtaining a kerberos ticket like it's supposed to.  

My best technical guess is a bug in the version of pam_krb5.so where it throws auth failures early or every time.  This needs to be fixed ASAP.  

Version-Release number of selected component (if applicable):
pam_krb5-2.1.7-3

How reproducible:
Always

Steps to Reproduce:
1.  Try to use pam_krb5.so for authentication and aquisition of initial kerberos ticket 
2.
3.
  

Actual Results:  Throws an auth failure to pam before prompting for a password.

Expected Results:  Wait for password before throwing either success or failure to pam, then obtain a kerberos ticket if there is success.

Additional info:

I'm classifying this as "Security" to get additional attention.  On any centralized network this bug totally renders kerberos authentication useless.  With this bug, FC4 is completely unusable on many corporate and acedemic networks which depend on kerberos.  It must be fixed immediately.

Comment 1 Travis Groth 2005-06-27 07:02:59 UTC
Without additional tweaking from myself pam_krb5 suddenly auths properly and
grants me a kerberos ticket.  I don't know what voodoo charm did it, but this
seems to be solved now.  

Comment 2 John Mahowald 2005-10-03 03:53:02 UTC
Closed NOTABUG.


Note You need to log in before you can comment on or make changes to this bug.