FC3 Bug Week - HELP WANTED

Stephen J. Smoogen smooge at gmail.com
Fri Sep 24 21:07:56 UTC 2004


On Fri, 24 Sep 2004 16:32:01 -0400, Nalin Dahyabhai <nalin at redhat.com> wrote:
> On Fri, Sep 24, 2004 at 04:12:00PM -0400, Rik van Riel wrote:
> > On Fri, 24 Sep 2004, Stephen J Smoogen wrote:
> >
> > > Is having pam_krb5 not kill your login process when you have a local
> > > password and pam_krb5 is listed as optional... a bug or an RFE?
> >
> > Not sure.   Nalin ?
> 
> In all seriousness, that depends on what you mean by "kill".  Crash?
> Bug.  Access denied?  If it's a legitimate denial, not a bug because the
> alternative could be far worse.
> 

Ok the original bug was 79853. I dont remember closing it.. but it
looks like I did. I also thought I answered Nalins question on that
bug.. but I cant find that either.. my apologies Nalin.

To give you an answer, I get a hang that does not return and login
finally kills itself.

What I have been trying to do is get our laptops set up so that they
can get kerberos tickets if they are on the domain, and not to get
them if they are not. The problem is currently most seen in


#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_krb5.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     [default=bad success=ok user_unknown=ignore service_err=ignore syste
m_err=ignore] /lib/security/$ISA/pam_krb5.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 
shadow
password    sufficient    /lib/security/$ISA/pam_krb5.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_krb5.so

When the laptop is plugged into the network and a local password is
used the access occurs. When I unplug the box but move the settings to
even optional.. it just sits for 2 minutes and login times out.

This is really a RHEL-4/Fedora issue with us as it not working in
RHEL-3 has been a 'reason to use something not so broken' as others
have put it. I have been told that Fedora-Core Beta 2 is showing it
too.. but I have to go through some paperwork to bring up a non-beta
machine on our network. I will know on Monday.


-- 
Stephen J Smoogen.
Professional System Administrator





More information about the fedora-devel-list mailing list