[Bug 663190] Re: apt-get install fails post-processing adduser when PAM is configured to use kerberos authentication

Martin Pitt martin.pitt at ubuntu.com
Wed Oct 12 06:43:27 UTC 2011 

I reassing this to adduser, as it's a general problem. However, this is
partially a configuration error as well. System users really ought to be
local, it makes relatively little sense to maintain them through a
central user database IMHO. Anyway, adduser should be more clever about
this indeed.

** Package changed: postgresql-common (Ubuntu) => adduser (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/663190

Title:
  apt-get install fails post-processing adduser when PAM is configured
  to use kerberos authentication

Status in “adduser” package in Ubuntu:
  New

Bug description:
  Binary package hint: postgresql-common

  apt-get (and in similar fashion aptitude/dpkg/synaptic) fail to
  fallback properly when PAM denies to add a user.

  In my company, we have a setup where each user signed in through
  kerberos (winbind). This makes it impossible to add users using
  adduser on ad hoc basis. It would be proper to let the administrator
  select what user (service user) should be used or to give the
  administrator a chance to add this user using the proper tools (in our
  case, Active Directory).

  The following is a snippet of what goes wrong:

  chfn: PAM authentication failed
  adduser: `/usr/bin/chfn -f PostgreSQL administrator postgres' returned error code 1. Exiting.

  This has occured in similar fashion for Apache 2.

  I would have expected a prompt or anything to supply the proper user
  to use in any case when adduser fails.

  As adduser fails, it might also cause security vulnerabilities if
  there is no further action undertaken by the post-processing (such as
  Apache reverting to use the root user, which in production
  environments is improper).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/663190/+subscriptions

More information about the foundations-bugs mailing list