Date: Fri, 19 Mar 2004 11:09:25 -0500 (EST) From: Eric van Gyzen <vangyzen@stat.duke.edu> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/64464: pam_krb5 module ignores no_ccache option Message-ID: <200403191609.i2JG9P0H046434@stat.duke.edu> Resent-Message-ID: <200403191610.i2JGA5IV009732@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 64464 >Category: bin >Synopsis: pam_krb5 module ignores no_ccache option >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Mar 19 08:10:05 PST 2004 >Closed-Date: >Last-Modified: >Originator: Eric van Gyzen >Release: FreeBSD 5.2-RELEASE i386 >Organization: Duke University Statistics >Environment: FreeBSD 5.2-RELEASE >Description: The Kerberos 5 PAM module (src/lib/libpam/modules/pam_krb5/pam_krb5.c) ignores the no_ccache option and always saves the credentials in a file. >How-To-Repeat: For example, configure ports/mail/imap-uw to authenticate with Kerberos. In /etc/pam.d/imap, put: auth required pam_nologin.so no_warn auth required pam_krb5.so no_warn try_first_pass no_ccache Contrary to the pam_krb5(8) man page, a credentials cache will be saved in /tmp/krb5cc_%d. >Fix: I'm not familiar enough with PAM and Kerberos to provide a fix. :( Maybe in my "spare time"... >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403191609.i2JG9P0H046434>