Ubuntu
samba package

/usr/share/pam-configs/winbind should not include krb5_ccache_type or other options

Bug #1530929 reported by msaxl
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

the template file winbind includes a lot of options that should be in
/etc/security/pam_winbind.conf.

Putting options in the template overwrites the option in /etc/security/pam_winbind.conf,
So, if you want for example to put the krb5cc outside of tmp, you have to modify the file in /usr/share/pam-configs/,
than call pam-auth-update.
Files in /usr should not be touched by users, so this is not a real solution. The correct place is /etc, in this case the configuration file /etc/security/pam_winbind.conf

The file in usr should be like:

Name: Winbind NT/Active Directory authentication
Default: yes
Priority: 192
Auth-Type: Primary
Auth:
        [success=end default=ignore] pam_winbind.so try_first_pass
Auth-Initial:
        [success=end default=ignore] pam_winbind.so
Account-Type: Primary
Account:
        [success=end new_authtok_reqd=done default=ignore] pam_winbind.so
Password-Type: Primary
Password:
        [success=end default=ignore] pam_winbind.so use_authtok try_first_pass
Password-Initial:
        [success=end default=ignore] pam_winbind.so
Session-Type: Additional
Session:
        optional pam_winbind.so

whereas the file in /etc/security/pam_winbind.conf should be like this to not change the effective configuration

[global]
krb5_auth=yes
krb5_ccache_type=FILE
cached_login=yes

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in samba (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.