Mailinglist Archive: opensuse-bugs (14787 mails)
| < Previous | Next > |
[Bug 217369] openssh calles pam(account) when auth with gssapi
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Mon, 27 Nov 2006 03:24:01 -0700 (MST)
- Message-id: <20061127102401.0373025C887@xxxxxxxxxxxxxxxxxxxxxx>
https://bugzilla.novell.com/show_bug.cgi?id=217369
mc@xxxxxxxxxx changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kukuk@xxxxxxxxxx
------- Comment #8 from mc@xxxxxxxxxx 2006-11-27 03:24 MST -------
Well, during the auth procedure krb5 might return an error which is saved
inside of pam. When the account module is called, this error will be evaluated
and a more specific error tell the application what exactly going wrong.
For example: account expired, password expired, etc.
pam_krb5 can only do this when auth was running before.
I found a workaround. pam_krb5 knows the option ignore_unknown_principals in
the account part. In our case it would return PAM_IGNORE instead of an error.
This option is currently not supported by pam-config . So it might be a good
idea to invite kukuk .
Which way we want to go?
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
mc@xxxxxxxxxx changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kukuk@xxxxxxxxxx
------- Comment #8 from mc@xxxxxxxxxx 2006-11-27 03:24 MST -------
Well, during the auth procedure krb5 might return an error which is saved
inside of pam. When the account module is called, this error will be evaluated
and a more specific error tell the application what exactly going wrong.
For example: account expired, password expired, etc.
pam_krb5 can only do this when auth was running before.
I found a workaround. pam_krb5 knows the option ignore_unknown_principals in
the account part. In our case it would return PAM_IGNORE instead of an error.
This option is currently not supported by pam-config . So it might be a good
idea to invite kukuk .
Which way we want to go?
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
| < Previous | Next > |