[Bug 826989] Re: Cannot change Kerberos password with passwd(1)
Launchpad Bug Tracker
826989 at bugs.launchpad.net
Wed Oct 26 10:54:12 UTC 2011
This bug was fixed in the package libpam-krb5 - 4.4-3
---------------
libpam-krb5 (4.4-3) unstable; urgency=low
* Change the pam-auth-update configuration to skip remaining password
stack by default modules if the Kerberos password change succeeds.
This is more useful behavior for the common case of Kerberos accounts
not having local passwords. See README.Debian.gz for information
about how to synchronize Kerberos and local passwords. (LP: #826989)
* Update README.Debian.gz documentation with more current options for
pam_unix and document password synchronization configuration.
* Convert to multiarch. Depend on the multiarch version of libpam0g,
install the modules into the multiarch version of /lib/security, and
declare the packages Multi-Arch: same.
* Update to debhelper compatibility level V9 (experimental).
- Build-Depend on debhelper 8.9.4 or later for hardening flags.
- Add Pre-Depends: ${misc:Pre-Depends}.
* Update standards version to 3.9.2 (no changes required).
* Fix formal name of the GPL in debian/copyright. (This will also be
done upstream in the next release.)
-- Russ Allbery <rra at debian.org> Mon, 26 Sep 2011 08:40:43 -0700
** Changed in: libpam-krb5 (Ubuntu)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libpam-krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/826989
Title:
Cannot change Kerberos password with passwd(1)
Status in “libpam-krb5” package in Ubuntu:
Fix Released
Bug description:
This concerns libpam-krb5 version 4.2-1 in Ubuntu Natty, and is a
revisiting of an issue previously addressed in bug 334795.
$ passwd
Current Kerberos password:
passwd: Authentication token manipulation error
passwd: password unchanged
Previous reports I've filed described issues encountered on an Ubuntu
installation configured to use Kerberos, LDAP and AFS, a large number
of moving parts which tended to confuse the issue at hand. This time,
however, I've managed to reproduce the bug on a minimal Ubuntu
install, with libpam-krb5, and a local user (uid=1000) with the same
name as an existing Kerberos user. The Kerberos and PAM configs are
stock; Kerberos server information is being pulled from DNS. LDAP and
AFS are completely out of the picture.
I can log into the system as the Kerberos user without issue, but if I
attempt to change the password, I get the above error. If I add the
"debug" option to the pam_krb5 invocation in /etc/pam.d/common-
password, and then try again, I see this in /var/log/auth.log:
Aug 15 17:46:31 test-linux passwd[935]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: entry (0x4000)
Aug 15 17:46:31 test-linux passwd[935]: pam_krb5(passwd:chauthtok): (user dgomez) attempting authentication as daniel at EXAMPLE.COM
Aug 15 17:46:34 test-linux passwd[935]: pam_krb5(passwd:chauthtok): pam_sm_chauthtok: exit (success)
Aug 15 17:46:34 test-linux passwd[935]: pam_unix(passwd:chauthtok): authentication failure; logname=daniel uid=1000 euid=0 tty= ruser= rhost= user=daniel
So, what's the deal with this error?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-krb5/+bug/826989/+subscriptions
More information about the foundations-bugs
mailing list