Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)

To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 613214@bugs.debian.org
Subject: Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
From: Petter Reinholdtsen <pere@hungry.com>
Date: Sun, 13 Feb 2011 18:31:02 +0100
Message-id: <20110213173102.GK9604@login1.uio.no>
Reply-to: Petter Reinholdtsen <pere@hungry.com>, 613214@bugs.debian.org
In-reply-to: <20110213160141.88085m0mbw5cy91x@mail.das-netzwerkteam.de>
References: <20110213160141.88085m0mbw5cy91x@mail.das-netzwerkteam.de>

[Mike Gabriel]
> For integration of Kerberos5 libpam-krb5 needs to be tweaked in a
> way that it will only apply krb5 pam rules to uidNumbers greater
> than 10000 (presuming that LDAP users on the Tjener start with
> 10000).

Why?  UIDs >= 1000 are supposed to be in LDAP, while the range from
500 to 1000 are supposed to be local users.  So for me, the current
default in libpapm-krb5 seem correct.

Btw, it might be an alternative to use sssd instead of libpam-krb5.

Vennlig hilsen,
-- 
Petter Reinholdtsen

Reply to:

Follow-Ups:
- Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

References:
- Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
  - From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Prev by Date: Bug#602863: from bind9 to powerdns and back to bind9
Next by Date: Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
Previous by thread: Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
Next by thread: Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
Index(es):
- Date
- Thread