Bug#376803: kdesktop: kdesktop_lock fails to renew Kerberos tickets with pam_krb5

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#376803: kdesktop: kdesktop_lock fails to renew Kerberos tickets with pam_krb5
From: marcus@better.se
Date: Wed, 5 Jul 2006 08:42:00 +0200
Message-id: <[🔎] 200607050642.k656g0jW019221@kakmonster.int.dactylis.com>
Reply-to: marcus@better.se, 376803@bugs.debian.org

Package: kdesktop
Version: 4:3.5.3-2
Severity: normal

I'm using pam_krb5 with a Heimdal KDC to authenticate logins. When I
log in with KDM, it fetches a ticket for the user. But after the
session is locked and then unlocked, the ticket is not renewed.

When unlocking the session I can see the following in the KDC log:

2006-06-19T08:59:50 AS-REQ marcus@EXAMPLE.COM from IPv4:192.168.100.4 for krbtgt/EXAMPLE.COM@EXAMPLE.COM
2006-06-19T08:59:50 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2006-06-19T08:59:50 Requested flags: renewable_ok, forwardable
2006-06-19T08:59:50 sending 629 bytes to IPv4:192.168.100.4

Here is my pam setup:

# /etc/pam.d/common-auth - authentication settings common to all services
auth  sufficient  pam_krb5.so ignore_root forwardable
auth  required    pam_unix.so try_first_pass nullok_secure

# /etc/pam.d/common-account - authorization settings common to all services
account  required    pam_krb5.so ignore_root
account  required    pam_unix.so

# /etc/pam.d/common-session - session-related modules common to all services
session  optional  pam_krb5.so ignore_root
session  required  pam_unix.so
session  optional  pam_umask.so umask=002

# /etc/pam.d/kscreensaver - specify the PAM behaviour of kscreensaver
@include common-auth
@include common-account
@include common-password
@include common-session

# /etc/pam.d/kcheckpass - specify the PAM behaviour of kcheckpass
@include common-auth
@include common-account
@include common-password
@include common-session

# /etc/pam.d/other - specify the PAM fallback behaviour
@include common-auth
@include common-account
@include common-password
@include common-session

libpam-krb5 is version 1.2.0-3. 

Versions of packages libpam-krb5 depends on:
ii  krb5-config                   1.8        Configuration files for Kerberos V
ii  libc6                         2.3.6-13   GNU C Library: Shared libraries
ii  libcomerr2                    1.39-1     common error description library
ii  libkrb53                      1.4.3-7    MIT Kerberos runtime libraries
ii  libpam0g                      0.79-3.1   Pluggable Authentication Modules l

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)

Versions of packages kdesktop depends on:
ii  kdebase-bin                 4:3.5.3-2    core binaries for the KDE base mod
ii  kdelibs4c2a                 4:3.5.3-1    core libraries and binaries for al
ii  libart-2.0-2                2.3.17-1     Library of functions for 2D graphi
ii  libaudio2                   1.7-9        The Network Audio System (NAS). (s
ii  libc6                       2.3.6-13     GNU C Library: Shared libraries
ii  libfontconfig1              2.3.2-5.1    generic font configuration library
ii  libfreetype6                2.2.1-2      FreeType 2 font engine, shared lib
ii  libgcc1                     1:4.1.0-4    GCC support library
ii  libgl1-mesa-glx [libgl1]    6.4.2-1      A free implementation of the OpenG
ii  libglu1-mesa [libglu1]      6.4.2-1      The OpenGL utility library (GLU)
ii  libice6                     1:1.0.0-3    X11 Inter-Client Exchange library
ii  libidn11                    0.5.18-2     GNU libidn library, implementation
ii  libjpeg62                   6b-13        The Independent JPEG Group's JPEG 
ii  libkonq4                    4:3.5.3-2    core libraries for Konqueror
ii  libpng12-0                  1.2.8rel-5.1 PNG library - runtime
ii  libqt3-mt                   3:3.3.6-2    Qt GUI Library (Threaded runtime v
ii  libsm6                      1:1.0.0-4    X11 Session Management library
ii  libstdc++6                  4.1.0-4      The GNU Standard C++ Library v3
ii  libx11-6                    2:1.0.0-6    X11 client-side library
ii  libxau6                     1:1.0.0-3    X11 authorisation library
ii  libxcursor1                 1.1.5.2-5    X cursor management library
ii  libxext6                    1:1.0.0-4    X11 miscellaneous extension librar
ii  libxft2                     2.1.8.2-8    FreeType-based font drawing librar
ii  libxi6                      1:1.0.0-5    X11 Input extension library
ii  libxinerama1                1:1.0.1-4    X11 Xinerama extension library
ii  libxrandr2                  2:1.1.0.2-4  X11 RandR extension library
ii  libxrender1                 1:0.9.0.2-4  X Rendering Extension client libra
ii  libxss1                     1:1.0.1-4    X11 Screen Saver extension library
ii  libxt6                      1:1.0.0-5    X11 toolkit intrinsics library
ii  libxxf86misc1               1:1.0.0-4    X11 XFree86 miscellaneous extensio
ii  zlib1g                      1:1.2.3-11   compression library - runtime

Versions of packages kdesktop recommends:
ii  eject                         2.1.4-1    ejects CDs and operates CD-Changer

-- no debconf information

Reply to:

Prev by Date: [bts-link] source package kdenetwork
Next by Date: Bug#376804: akregator: forgets seen status of articles
Previous by thread: Processed: [bts-link] source package kdenetwork
Next by thread: Bug#376804: akregator: forgets seen status of articles
Index(es):
- Date
- Thread