Red Hat Bugzilla – Bug 182239
RFE: Implement V5->V4 credential conversion using "external" in pam_krb5
Last modified: 2007-11-30 17:11:24 EST
Implement V5->V4 credential cache conversion in pam_krb5 when using the
"external" option so they can forward v4 credentials to their AFS server.
This is for the 2.2-branch of the pam_krb5 module.
This should be implemented in pam_krb5 2.2.7 and later. Closing with resolution
RAWHIDE even if it won't be there just yet due to the FC5 freeze.
This feature does not quite work as expected yet for the case where the K5
principal does not match the local account name. In this case, the "converted"
credentials (Krb4 and AFS) are obtained for the local account principal and are
Easy example: "ssh root@machine" ends up with a (nonworking) Krb4 TGT for
root@REALM instead of the converted user@REALM.
Appears to be due to mixing info from the krb5 "stash" with the "userinfo"
converted principal after an existing Krb5 ccache is read back.
Created attachment 128204 [details]
proposed patch that overrides the userinfo->principal when reading in an
Looking through the changelog for pam_krb5 in FC6, this was fixed as of 2.2.9-1
- shouldn't this BZ be closed now? :)
Er, yes, it should. Closing.