Date: Fri, 19 Mar 2004 11:09:25 -0500 (EST) From: Eric van Gyzen <vangyzen@stat.duke.edu> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/64464: pam_krb5 module ignores no_ccache option Message-ID: <200403191609.i2JG9P0H046434@stat.duke.edu> Resent-Message-ID: <200403191610.i2JGA5IV009732@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 64464
>Category: bin
>Synopsis: pam_krb5 module ignores no_ccache option
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 19 08:10:05 PST 2004
>Closed-Date:
>Last-Modified:
>Originator: Eric van Gyzen
>Release: FreeBSD 5.2-RELEASE i386
>Organization:
Duke University Statistics
>Environment:
FreeBSD 5.2-RELEASE
>Description:
The Kerberos 5 PAM module (src/lib/libpam/modules/pam_krb5/pam_krb5.c)
ignores the no_ccache option and always saves the credentials in a file.
>How-To-Repeat:
For example, configure ports/mail/imap-uw to authenticate with Kerberos.
In /etc/pam.d/imap, put:
auth required pam_nologin.so no_warn
auth required pam_krb5.so no_warn try_first_pass no_ccache
Contrary to the pam_krb5(8) man page, a credentials cache will be saved
in /tmp/krb5cc_%d.
>Fix:
I'm not familiar enough with PAM and Kerberos to provide a fix. :(
Maybe in my "spare time"...
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403191609.i2JG9P0H046434>