Red Hat Bugzilla – Bug 161010
Bad: Doesn't work
Last modified: 2007-11-30 17:11:08 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4
Description of problem:
Doesn't appear to do *anything*. I've manually dropped /etc/pam.d/gdm in from my FC3 install, and I get an authentication failure before I even enter my password. It fails on the username. Ditto if i use authconfig to add the kerberos line. I've played with pam_krb5.so in system config and several other places. If it is before pam_unix.so (not the default), it fails despite kinit having no issues and this same pam file working in FC3. If I put it after the pam_unix.so entry, it auths via pam_unix and goes on it's merry way, never obtaining a kerberos ticket like it's supposed to.
My best technical guess is a bug in the version of pam_krb5.so where it throws auth failures early or every time. This needs to be fixed ASAP.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Try to use pam_krb5.so for authentication and aquisition of initial kerberos ticket
Actual Results: Throws an auth failure to pam before prompting for a password.
Expected Results: Wait for password before throwing either success or failure to pam, then obtain a kerberos ticket if there is success.
I'm classifying this as "Security" to get additional attention. On any centralized network this bug totally renders kerberos authentication useless. With this bug, FC4 is completely unusable on many corporate and acedemic networks which depend on kerberos. It must be fixed immediately.
Without additional tweaking from myself pam_krb5 suddenly auths properly and
grants me a kerberos ticket. I don't know what voodoo charm did it, but this
seems to be solved now.