Description of problem: My system authenticates against Kerberos. Netatalk's PAM configuration does not tie into the system-auth PAM configuration and only authenticates against pam_unix.so. As a result, Netatalk does not properly authenticate using Kerberos or any other more exotic authentication schemes that may be configured using authconfig. Version-Release number of selected component (if applicable): netatalk-2.0.3-23.fc10.i386 How reproducible: Every time Steps to Reproduce: 1. Configure a system to authenticate using Kerberos, LDAP, etc. 2. Install Netatalk and view /etc/pam.d/netatalk Actual results: Netatalk's PAM configuration only supports pam_unix.so. Expected results: Netatalk's PAM configuration should pull in system-auth. Additional info: A modified version of login's PAM configuration should work. Here is login's configuration: #%PAM-1.0 auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so auth include system-auth account required pam_nologin.so account include system-auth password include system-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so session optional pam_console.so # pam_selinux.so open should only be followed by sessions to be executed in the user context session required pam_selinux.so open session required pam_namespace.so session optional pam_keyinit.so force revoke session include system-auth session optional pam_ck_connector.so
The PAM config file is obviously limited. I'd highly appreciate if you could - push this issue upstream - come up with a portable but complete PAM config which we can include upstream (if possible) I'm currently working extensively on other Netatalk parts for 2.1 leaving no spare time for setting up a LDAP/Kerberos infrastructure. Thanks! Frank Lahm, Netatalk Developer
This message is a reminder that Fedora 10 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 10. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '10'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 10's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 10 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
In response to comment #1, the problem with pushing this upstream is that many distributions have different conventions for configuring PAM. For example, Fedora uses "auth include system-auth" but Debian used "@include common-auth." For recent discussion of this, see: http://sourceforge.net/mailarchive/forum.php?thread_name=4242eef70911180611v4d717ef0q58c2fd0bb4a2853%40mail.gmail.com&forum_name=netatalk-devel and the related responses.
;) Take a close look at exactly _who_ has started that thread over there... Regards, Frank Lahm, Netatalk Developer
Hmm. netatalk-2.0.4-3.fc12.src.rpm includes netatalk.pam-system-auth. $ ls -l ~/rpmbuild/SOURCES/netatalk.pam-system-auth -rw-r--r-- 1 hat users 334 2005-10-13 21:29 /home/hat/rpmbuild/SOURCES/netatalk.pam-system-auth $ cat ~/rpmbuild/SOURCES/netatalk.pam-system-auth # /etc/pam.d/netatalk # # PAM configuration file for netatalk using system-auth substack # (this would enable use of netatalk by LDAP or NIS users). # auth include system-auth account required pam_nologin.so account include system-auth password include system-auth session include system-auth This file is not used at all.
This bug appears to have been reported against 'rawhide' during the Fedora 13 development cycle. Changing version to '13'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
This message is a reminder that Fedora 13 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '13'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 13's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 13 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping