[Bug 971253] [NEW] only krb5 results in broken common-passwd

Brian J. Murrell brian at interlinx.bc.ca
Mon Apr 2 04:10:25 UTC 2012 

Public bug reported:

Using pam-auth-update if I select only krb5 for authentication (that is,
unselect pam_unix and pam_ldap if installed) I get a broken passwd-
common pam file:

# here are the per-package modules (the "Primary" block)
password	requisite			pam_krb5.so minimum_uid=1000
# here's the fallback if no module succeeds
password	requisite			pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
password	required			pam_permit.so
# and here are more per-package modules (the "Additional" block)
password	optional	pam_gnome_keyring.so 
password	optional	pam_ecryptfs.so 
# end of pam-auth-update config

The problem here is clearly that pam_deny.so immediately follows
pam_krb5.so with no "goto" option specified on the pam_krb5.so line to
skip the pam_deny.so line if it's successful.

ProblemType: Bug
DistroRelease: LinuxMint 12
Package: libpam-runtime 1.1.3-2ubuntu2.1
ProcVersionSignature: Ubuntu 3.0.0-16.29-generic-pae 3.0.20
Uname: Linux 3.0.0-16-generic-pae i686
ApportVersion: 1.23-0ubuntu4
Architecture: i386
Date: Mon Apr  2 00:04:36 2012
ProcEnviron:
 PATH=(custom, user)
 LANG=en_CA.UTF-8
 SHELL=/bin/bash
SourcePackage: pam
UpgradeStatus: Upgraded to lisa on 2007-04-05 (1823 days ago)

** Affects: pam (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug i386 lisa

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/971253

Title:
  only krb5 results in broken common-passwd

Status in “pam” package in Ubuntu:
  New

Bug description:
  Using pam-auth-update if I select only krb5 for authentication (that
  is, unselect pam_unix and pam_ldap if installed) I get a broken
  passwd-common pam file:

  # here are the per-package modules (the "Primary" block)
  password	requisite			pam_krb5.so minimum_uid=1000
  # here's the fallback if no module succeeds
  password	requisite			pam_deny.so
  # prime the stack with a positive return value if there isn't one already;
  # this avoids us returning an error just because nothing sets a success code
  # since the modules above will each just jump around
  password	required			pam_permit.so
  # and here are more per-package modules (the "Additional" block)
  password	optional	pam_gnome_keyring.so 
  password	optional	pam_ecryptfs.so 
  # end of pam-auth-update config

  The problem here is clearly that pam_deny.so immediately follows
  pam_krb5.so with no "goto" option specified on the pam_krb5.so line to
  skip the pam_deny.so line if it's successful.

  ProblemType: Bug
  DistroRelease: LinuxMint 12
  Package: libpam-runtime 1.1.3-2ubuntu2.1
  ProcVersionSignature: Ubuntu 3.0.0-16.29-generic-pae 3.0.20
  Uname: Linux 3.0.0-16-generic-pae i686
  ApportVersion: 1.23-0ubuntu4
  Architecture: i386
  Date: Mon Apr  2 00:04:36 2012
  ProcEnviron:
   PATH=(custom, user)
   LANG=en_CA.UTF-8
   SHELL=/bin/bash
  SourcePackage: pam
  UpgradeStatus: Upgraded to lisa on 2007-04-05 (1823 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pam/+bug/971253/+subscriptions

More information about the foundations-bugs mailing list