Re: kerberos issues with 10.0_BETA post openssl update

To: Taylor R Campbell <riastradh%NetBSD.org@localhost>
Subject: Re: kerberos issues with 10.0_BETA post openssl update
From: Mark Davies <mark%ecs.vuw.ac.nz@localhost>
Date: Thu, 7 Sep 2023 10:22:49 +1200



On 6/09/23 22:46, Taylor R Campbell wrote:

Here's a workaround you could test with no code changes that shouldn't
break other applications: move /root/.k5login to /etc/k5login.d/root,
and set

	[libdefaults]
		kuserok = USER-K5LOGIN SYSTEM-K5LOGIN SIMPLE DENY

in /etc/krb5.conf.  Still worth finding a code fix for pam_ksu, but
you can try this workaround in the mean time.



Just to confirm that the workaround does work.

mark

References:
- Re: kerberos issues with 10.0_BETA post openssl update
  - From: Taylor R Campbell

Prev by Date: Re: kerberos issues with 10.0_BETA post openssl update
Next by Date: daily CVS update output
Previous by Thread: Re: kerberos issues with 10.0_BETA post openssl update
Next by Thread: Re: kerberos issues with 10.0_BETA post openssl update
Indexes:

Home | Main Index | Thread Index | Old Index