/usr/share/pam-configs/winbind should not include krb5_ccache_type or other options
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
samba (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
the template file winbind includes a lot of options that should be in
/etc/security/
Putting options in the template overwrites the option in /etc/security/
So, if you want for example to put the krb5cc outside of tmp, you have to modify the file in /usr/share/
than call pam-auth-update.
Files in /usr should not be touched by users, so this is not a real solution. The correct place is /etc, in this case the configuration file /etc/security/
The file in usr should be like:
Name: Winbind NT/Active Directory authentication
Default: yes
Priority: 192
Auth-Type: Primary
Auth:
Auth-Initial:
Account-Type: Primary
Account:
Password-Type: Primary
Password:
Password-Initial:
Session-Type: Additional
Session:
optional pam_winbind.so
whereas the file in /etc/security/
[global]
krb5_auth=yes
krb5_ccache_
cached_login=yes
Status changed to 'Confirmed' because the bug affects multiple users.