Ticket #276 (new defect)
Shouldn’t accept Kerberos passwords for local users without username@ATHENA.MIT.EDU in .k5login
|Reported by:||andersk||Owned by:|
|Priority:||normal||Milestone:||The Distant Future|
|Cc:||Fixed in version:|
debathena / pam / andersk 17:07 (Anders Kaseorg) I’d be tempted to set minimum_uid=500. Though what I’d actually like to require is (group nss_nonlocal_users || principal in .k5login). debathena / pam / broder 17:10 (Evan Broder) Principal in .k5login doesn't matter, because PAM doesn't deal with that debathena / pam / andersk 17:11 (Anders Kaseorg) > PAM doesn't deal with that But I want it to. If username@ATHENA.MIT.EDU is not in username’s ~/.k5login, then I don’t want that Kerberos password to be useful for logging into that local account.
Note: See TracTickets for help on using tickets.