Bug#376803: kdesktop: kdesktop_lock fails to renew Kerberos tickets with pam_krb5
Package: kdesktop
Version: 4:3.5.3-2
Severity: normal
I'm using pam_krb5 with a Heimdal KDC to authenticate logins. When I
log in with KDM, it fetches a ticket for the user. But after the
session is locked and then unlocked, the ticket is not renewed.
When unlocking the session I can see the following in the KDC log:
2006-06-19T08:59:50 AS-REQ marcus@EXAMPLE.COM from IPv4:192.168.100.4 for krbtgt/EXAMPLE.COM@EXAMPLE.COM
2006-06-19T08:59:50 Using aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
2006-06-19T08:59:50 Requested flags: renewable_ok, forwardable
2006-06-19T08:59:50 sending 629 bytes to IPv4:192.168.100.4
Here is my pam setup:
# /etc/pam.d/common-auth - authentication settings common to all services
auth sufficient pam_krb5.so ignore_root forwardable
auth required pam_unix.so try_first_pass nullok_secure
# /etc/pam.d/common-account - authorization settings common to all services
account required pam_krb5.so ignore_root
account required pam_unix.so
# /etc/pam.d/common-session - session-related modules common to all services
session optional pam_krb5.so ignore_root
session required pam_unix.so
session optional pam_umask.so umask=002
# /etc/pam.d/kscreensaver - specify the PAM behaviour of kscreensaver
@include common-auth
@include common-account
@include common-password
@include common-session
# /etc/pam.d/kcheckpass - specify the PAM behaviour of kcheckpass
@include common-auth
@include common-account
@include common-password
@include common-session
# /etc/pam.d/other - specify the PAM fallback behaviour
@include common-auth
@include common-account
@include common-password
@include common-session
libpam-krb5 is version 1.2.0-3.
Versions of packages libpam-krb5 depends on:
ii krb5-config 1.8 Configuration files for Kerberos V
ii libc6 2.3.6-13 GNU C Library: Shared libraries
ii libcomerr2 1.39-1 common error description library
ii libkrb53 1.4.3-7 MIT Kerberos runtime libraries
ii libpam0g 0.79-3.1 Pluggable Authentication Modules l
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Versions of packages kdesktop depends on:
ii kdebase-bin 4:3.5.3-2 core binaries for the KDE base mod
ii kdelibs4c2a 4:3.5.3-1 core libraries and binaries for al
ii libart-2.0-2 2.3.17-1 Library of functions for 2D graphi
ii libaudio2 1.7-9 The Network Audio System (NAS). (s
ii libc6 2.3.6-13 GNU C Library: Shared libraries
ii libfontconfig1 2.3.2-5.1 generic font configuration library
ii libfreetype6 2.2.1-2 FreeType 2 font engine, shared lib
ii libgcc1 1:4.1.0-4 GCC support library
ii libgl1-mesa-glx [libgl1] 6.4.2-1 A free implementation of the OpenG
ii libglu1-mesa [libglu1] 6.4.2-1 The OpenGL utility library (GLU)
ii libice6 1:1.0.0-3 X11 Inter-Client Exchange library
ii libidn11 0.5.18-2 GNU libidn library, implementation
ii libjpeg62 6b-13 The Independent JPEG Group's JPEG
ii libkonq4 4:3.5.3-2 core libraries for Konqueror
ii libpng12-0 1.2.8rel-5.1 PNG library - runtime
ii libqt3-mt 3:3.3.6-2 Qt GUI Library (Threaded runtime v
ii libsm6 1:1.0.0-4 X11 Session Management library
ii libstdc++6 4.1.0-4 The GNU Standard C++ Library v3
ii libx11-6 2:1.0.0-6 X11 client-side library
ii libxau6 1:1.0.0-3 X11 authorisation library
ii libxcursor1 1.1.5.2-5 X cursor management library
ii libxext6 1:1.0.0-4 X11 miscellaneous extension librar
ii libxft2 2.1.8.2-8 FreeType-based font drawing librar
ii libxi6 1:1.0.0-5 X11 Input extension library
ii libxinerama1 1:1.0.1-4 X11 Xinerama extension library
ii libxrandr2 2:1.1.0.2-4 X11 RandR extension library
ii libxrender1 1:0.9.0.2-4 X Rendering Extension client libra
ii libxss1 1:1.0.1-4 X11 Screen Saver extension library
ii libxt6 1:1.0.0-5 X11 toolkit intrinsics library
ii libxxf86misc1 1:1.0.0-4 X11 XFree86 miscellaneous extensio
ii zlib1g 1:1.2.3-11 compression library - runtime
Versions of packages kdesktop recommends:
ii eject 2.1.4-1 ejects CDs and operates CD-Changer
-- no debconf information
Reply to: