NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

misc/45263: [PATCH] mk.conf(5) should warn of the interaction between MKKERBEROS=no and PAM

>Number:         45263
>Category:       misc
>Synopsis:       [PATCH] mk.conf(5) should warn of the interaction between 
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          doc-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Aug 18 05:50:01 +0000 2011
>Originator:     Ian D. Leroux
>Release:        NetBSD/amd64-5.99.55
Aarhus Universitet
NetBSD 5.99.55 NetBSD 5.99.55 (SCRAMEUSTACHE) #1: Sat 
Jul 30 10:04:27 CEST 2011

As discussed in PR 40599 and in the recent subthread beginning at,
setting MKKERBEROS=no breaks the default PAM stacks, which fail if 
and cannot be found.  Among other things, this means that a system 
built with MKKERBEROS=no does not, by default, allow any logins.

The proper fix for this is still a subject of debate, and may take some time.  
Meanwhile, the user should be warned that setting MKKERBEROS=no requires 
adjustments to their PAM configuration.
man mk.conf
--- mk.conf.5.orig      2011-08-18 07:09:08.000000000 +0200
+++ mk.conf.5   2011-08-18 07:26:53.000000000 +0200
@@ -424,6 +424,13 @@
 Indicates whether the Kerberos v5 infrastructure
 (libraries and support programs) is built and installed.
+Note that the default configuration for PAM relies on the Kerberos
+modules and  Do not install a userland
+built with
+before adjusting the PAM configuration appropriately
+.Xr pam.conf 5 ).

Home | Main Index | Thread Index | Old Index