php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57865 Authenticaton Problem with krb5 with pam_permit.so
Submitted: 2007-10-07 06:32 UTC Modified: 2009-01-08 14:50 UTC
From: m dot unterbauer at gmail dot com Assigned:
Status: No Feedback Package: PAM (PECL)
PHP Version: 5.1.6 OS: CentOS 5
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2007-10-07 06:32 UTC] m dot unterbauer at gmail dot com
Description:
------------
I have installed pam_auth for use within a php script. In PAM i use pam_krb5.so. It works fine with local accounts. Because i do not want local accounts i tried to config pam with /lib/security/pam_permit.so for account and this doesn't work.






Reproduce code:
---------------
pam config

==========
auth    required          /lib/security/pam_krb5.so  debug
account required         /lib/security/pam_permit.so
===========

Expected result:
----------------
$error = User not known to the underlying authentication module (in pam_authenticate)


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-10-17 15:54 UTC] mikael at synd dot info
This is most likely a problem with you pam setup and not the pecl/pam extension. This is the config file I use with PHP and pam_krb5.so, please try adding "no_user_check" and the "session" line.

[mikl@example ~]$ cat /etc/pam.d/php
#%PAM-1.0
auth            sufficient      /lib/security/pam_krb5.so realm=EXAMPLE.COM no_user_check
account         required        /lib/security/pam_permit.so
session         required        /lib/security/pam_permit.so
 [2007-10-17 15:57 UTC] mikael at synd dot info
Btw, that should be:

auth   required   /lib/security/pam_krb5.so realm=EXAMPLE.COM no_user_check

(This particular site has multiple realms with corresponding "auth" statements, the last one must have "required" set however)
 [2009-01-08 14:50 UTC] mikael at synd dot info
No feedback was provided. The bug is being suspended because
we assume that you are no longer experiencing the problem.
If this is not the case and you are able to provide the
information that was requested earlier, please do so and
change the status of the bug back to "Open". Thank you.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Mar 19 06:01:30 2024 UTC