[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)

Hi Per,

On So 13 Feb 2011 18:31:02 CET Petter Reinholdtsen wrote:

[Mike Gabriel]
For integration of Kerberos5 libpam-krb5 needs to be tweaked in a
way that it will only apply krb5 pam rules to uidNumbers greater
than 10000 (presuming that LDAP users on the Tjener start with

Why?  UIDs >= 1000 are supposed to be in LDAP, while the range from
500 to 1000 are supposed to be local users.  So for me, the current
default in libpapm-krb5 seem correct.

My DebianEdu squeeze (which was a DVD snapshot install from today - 20110213) adds local users starting with uidNumber=1000.

Thus, user creation in LDAP and in /etc/passwd start off with the same uidNumber. I recommend setting the first LDAP uidNumber to a higher value (like 10000 or so).

Btw, it might be an alternative to use sssd instead of libpam-krb5.

This is another topic, but thanks for the hint. I / we will take a look...

Thanks and greets from post-Zweibrücken...


mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de


Attachment: pgpOMTRIb99Bg.pgp
Description: Digitale PGP-Unterschrift

Reply to: