search for: pam_kerberos

Hello All, I have run into a situation where a user exiting from a PAM_KERBEROS-authenticated session runs the risk of deleting a kinit-generated credentials file that was already sitting on the server. I will explain the problem in detail, but let me begin with my question. It has a specific reference to PAM_KERBEROS, but it can also be a general question. If a user (s...

pam_winbind expects "DOAMIN\name" for authentication, but pam_kerberos expects just "name". Is there a trick to stack them such that the pam_winbind modules are used for account information, but the kerberos modules do the authentication (with the result being that the user has a tgt after login).

...Severity: normal Priority: P2 Component: PAM support AssignedTo: unassigned-bugs at mindrot.org ReportedBy: balu9463 at gmail.com This is my first bug report, request you to correct me if necessary. For a non root user, When ChallengeResponse is used with PAM_Kerberos and UsePrivilegeSeparation=yes, sshd creates two credential files in /tmp, and at the end of the session only one is removed $ssh system1 . . $ ps -ef | grep ssh root 170 1 0 14:01:58 ? 0:00 /opt/ssh/sbin/sshd test 245 243 0 14:03:41 ? 0:00 sshd: test at pts/0...

...s 0 buffer_get: trying to get more bytes 4 than in buffer 0 debug1: do_cleanup debug1: PAM: cleanup debug3: PAM: sshpam_thread_cleanup entering ------- To fix this, we have done some changes in auth-pam.c and session.c [1]. We are not sure that this is the exact fix for this though this works for PAM_Kerberos and PAM_unix with normal mode. But, in trusted mode, with PAM_UNIX, the password change prompt is being asked for the first login and it succeedes until the password is changed. Once the password is changed, the connection hangs at channel read/write. We can see some pty related error in the server...

Hello All, I haven't seen the answer to this, maybe I am just using the wrong searches. I have two queries related to this: 1) I have seen how to configure for LDAP and Kerberos. AD uses both together. All user information is in AD/LDAP and authentication is AD/Kerberos. How can I configure Dovecot to use both appropriately? 2) I can cause Samba to create certain directories on login, etc.