Package:  libpam-krb5
Version:  4.2-2
Severity: normal
Tags:     patch

Please add forwardable as an argument to the pam module in the default
pam-auth-config setup.  It is useful when using libpam-krb5 with
Active Directory and wanting to have single sign-on for other services on
the local net.

I have not verified that this is needed in the latest version of
libpam-krb5, but we did need to use it when using libpam-krb5 with AD
in Etch.  Reporting it here to increase the chance of having the
configuration we need out of the box with Squeeze. :)

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
diff -ur libpam-krb5-4.2/debian/pam-auth-update libpam-krb5-4.2-pere/debian/pam-auth-update
--- libpam-krb5-4.2/debian/pam-auth-update	2010-03-06 22:07:32.000000000 +0100
+++ libpam-krb5-4.2-pere/debian/pam-auth-update	2010-03-06 22:06:05.000000000 +0100
@@ -4,12 +4,12 @@
 Conflicts: krb5-openafs
 Auth-Type: Primary
 Auth:
-	[success=end default=ignore]	pam_krb5.so minimum_uid=1000 try_first_pass
+	[success=end default=ignore]	pam_krb5.so minimum_uid=1000 forwardable try_first_pass
 Auth-Initial:
-	[success=end default=ignore]	pam_krb5.so minimum_uid=1000
+	[success=end default=ignore]	pam_krb5.so minimum_uid=1000 forwardable
 Account-Type: Additional
 Account:
-	required			pam_krb5.so minimum_uid=1000
+	required			pam_krb5.so minimum_uid=1000 forwardable
 Password-Type: Primary
 Password:
 	requisite			pam_krb5.so minimum_uid=1000 try_first_pass use_authtok
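
Review bot: The Account line gains forwardable alongside the Auth and Auth-Initial lines, but the stated reason for the change (single sign-on against Active Directory) concerns the tickets requested at authentication, so please confirm the option has any effect in the account stack and otherwise leave `required pam_krb5.so minimum_uid=1000` as it was. Because this is the packaged default, every account with a uid of 1000 or above on every installation would start requesting forwardable tickets, not only sites using AD. A ticket that can be forwarded to other hosts is a wider exposure than a local-only one, so the changelog or package documentation should state the new default and how an administrator turns it off.
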
@@ -17,4 +17,4 @@
 	requisite			pam_krb5.so minimum_uid=1000
 Session-Type: Additional
 Session:
-	optional			pam_krb5.so minimum_uid=1000
+	optional			pam_krb5.so minimum_uid=1000 forwardable
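
Review bot: On the Session line, forwardable is added to an `optional` entry with no indication of which stack actually needs it. With this patch the option appears in Auth, Account and Session while both Password lines are left without it. The report says the need was seen on Etch and has not been verified against this version, so it would help to test on 4.2 which lines require the option and trim the patch to those, rather than adding it to most stacks by default.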
