On Fri, 24 Sep 2004 16:32:01 -0400, Nalin Dahyabhai <nalin@xxxxxxxxxx> wrote: > On Fri, Sep 24, 2004 at 04:12:00PM -0400, Rik van Riel wrote: > > On Fri, 24 Sep 2004, Stephen J Smoogen wrote: > > > > > Is having pam_krb5 not kill your login process when you have a local > > > password and pam_krb5 is listed as optional... a bug or an RFE? > > > > Not sure. Nalin ? > > In all seriousness, that depends on what you mean by "kill". Crash? > Bug. Access denied? If it's a legitimate denial, not a bug because the > alternative could be far worse. > Ok the original bug was 79853. I dont remember closing it.. but it looks like I did. I also thought I answered Nalins question on that bug.. but I cant find that either.. my apologies Nalin. To give you an answer, I get a hang that does not return and login finally kills itself. What I have been trying to do is get our laptops set up so that they can get kerberos tickets if they are on the domain, and not to get them if they are not. The problem is currently most seen in #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so account [default=bad success=ok user_unknown=ignore service_err=ignore syste m_err=ignore] /lib/security/$ISA/pam_krb5.so password required /lib/security/$ISA/pam_cracklib.so retry=3 type= password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_krb5.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_krb5.so When the laptop is plugged into the network and a local password is used the access occurs. When I unplug the box but move the settings to even optional.. it just sits for 2 minutes and login times out. This is really a RHEL-4/Fedora issue with us as it not working in RHEL-3 has been a 'reason to use something not so broken' as others have put it. I have been told that Fedora-Core Beta 2 is showing it too.. but I have to go through some paperwork to bring up a non-beta machine on our network. I will know on Monday. -- Stephen J Smoogen. Professional System Administrator
