PHP :: Bug #57865 :: Authenticaton Problem with krb5 with pam

Bug #57865	Authenticaton Problem with krb5 with pam_permit.so
Submitted:	2007-10-07 06:32 UTC	Modified:	2009-01-08 14:50 UTC
From:	m dot unterbauer at gmail dot com	Assigned:
Status:	No Feedback	Package:	PAM (PECL)
PHP Version:	5.1.6	OS:	CentOS 5
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	m dot unterbauer at gmail dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2007-10-07 06:32 UTC] m dot unterbauer at gmail dot com

Description:
------------
I have installed pam_auth for use within a php script. In PAM i use pam_krb5.so. It works fine with local accounts. Because i do not want local accounts i tried to config pam with /lib/security/pam_permit.so for account and this doesn't work.






Reproduce code:
---------------
pam config

==========
auth    required          /lib/security/pam_krb5.so  debug
account required         /lib/security/pam_permit.so
===========

Expected result:
----------------
$error = User not known to the underlying authentication module (in pam_authenticate)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2007-10-17 15:54 UTC] mikael at synd dot info

This is most likely a problem with you pam setup and not the pecl/pam extension. This is the config file I use with PHP and pam_krb5.so, please try adding "no_user_check" and the "session" line.

[mikl@example ~]$ cat /etc/pam.d/php
#%PAM-1.0
auth            sufficient      /lib/security/pam_krb5.so realm=EXAMPLE.COM no_user_check
account         required        /lib/security/pam_permit.so
session         required        /lib/security/pam_permit.so

[2007-10-17 15:57 UTC] mikael at synd dot info

Btw, that should be:

auth   required   /lib/security/pam_krb5.so realm=EXAMPLE.COM no_user_check

(This particular site has multiple realms with corresponding "auth" statements, the last one must have "required" set however)

[2009-01-08 14:50 UTC] mikael at synd dot info

No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 16:01:28 2024 UTC