[Bug 454012] [NEW] pam-configs prevents root login with pam_unix

Brian J. Murrell brian at interlinx.bc.ca
Sat Oct 17 15:18:52 UTC 2009


Public bug reported:

Binary package hint: libpam-krb5

This bug appears somewhat similar to bug 411249 in that both pam_unix
and pam_krb5 are required to succeed in the account section for PAM.

However, in the case of root, I don't keep a root account in my Kerberos
configuration but rely on the local (read: pam_unix) root account on the
machine.

The

account required                        pam_krb5.so minimum_uid=1000

at the bottom of the common-account file fails the root krb5 check which
fails root's ability to log in.  The above with "debug" added reports
the following in auth.log:

Oct 17 10:53:07 laptop su[21533]: (pam_krb5): none: pam_sm_acct_mgmt: entry (0x0)
Oct 17 10:53:07 laptop su[21533]: (pam_krb5): none: skipping non-Kerberos login
Oct 17 10:53:07 laptop su[21533]: (pam_krb5): none: pam_sm_acct_mgmt: exit (ignore)
Oct 17 10:53:07 laptop su[21533]: pam_acct_mgmt: Permission denied
Oct 17 10:53:07 laptop su[21533]: FAILED su for root by brian
Oct 17 10:53:07 laptop su[21533]: - pts/3 brian:root

It seems there is some notion that it's a non-Kerberos login, I just
can't figure out what (i.e. [ *=done]) magic to replace the "required"
with to make it work.

Or maybe some additional pam_permit for uid<1000 is needed?  I'm not
really a PAM expert.

** Affects: libpam-krb5 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
pam-configs prevents root login with pam_unix
https://bugs.launchpad.net/bugs/454012
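
Added example, not part of the original report or of libpam-krb5: a small auth.log check that flags the pattern quoted above, where pam_krb5's account hook exits with "ignore" and pam_acct_mgmt is then denied for the same process. The function name and the returned fields are assumptions made for this illustration; the sample input is the six log lines from the report.

```python
import re

# Input: the six auth.log lines quoted in the bug report above.
SAMPLE_LOG = """\
Oct 17 10:53:07 laptop su[21533]: (pam_krb5): none: pam_sm_acct_mgmt: entry (0x0)
Oct 17 10:53:07 laptop su[21533]: (pam_krb5): none: skipping non-Kerberos login
Oct 17 10:53:07 laptop su[21533]: (pam_krb5): none: pam_sm_acct_mgmt: exit (ignore)
Oct 17 10:53:07 laptop su[21533]: pam_acct_mgmt: Permission denied
Oct 17 10:53:07 laptop su[21533]: FAILED su for root by brian
Oct 17 10:53:07 laptop su[21533]: - pts/3 brian:root
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
    r"(?P<prog>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FAILED_SU_RE = re.compile(r"^FAILED su for (?P<target>\S+) by (?P<caller>\S+)$")


def find_ignored_then_denied(log_text):
    """Return one record per process where pam_krb5's account hook exited
    with 'ignore' and pam_acct_mgmt was then denied for the same PID."""
    procs = {}  # (host, prog, pid) -> state, kept in first-seen order
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a syslog-style line with prog[pid]
        key = (m["host"], m["prog"], m["pid"])
        st = procs.setdefault(key, {
            "host": m["host"], "prog": m["prog"], "pid": m["pid"],
            "krb5_ignored": False, "denied_at": None,
            "target": None, "caller": None})
        msg = m["msg"]
        if msg.startswith("(pam_krb5)") and msg.endswith("pam_sm_acct_mgmt: exit (ignore)"):
            st["krb5_ignored"] = True
        elif msg == "pam_acct_mgmt: Permission denied" and st["krb5_ignored"]:
            st["denied_at"] = m["ts"]  # denial seen after the ignore
        else:
            su = FAILED_SU_RE.match(msg)
            if su:  # su's own summary line names both accounts
                st["target"], st["caller"] = su["target"], su["caller"]
    return [s for s in procs.values() if s["denied_at"]]


if __name__ == "__main__":
    for f in find_ignored_then_denied(SAMPLE_LOG):
        print(f"{f['denied_at']} {f['host']} {f['prog']}[{f['pid']}]: pam_krb5 "
              f"ignored, account stack denied ({f['caller']} -> {f['target']})")
```

The module lines only appear when pam_krb5 is configured with "debug", as in the report.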