Univention Bugzilla – Bug 38757
UCC pam login krb5 vs. ldap issue
Last modified: 2023-06-28 10:33:22 CEST
root@kde2:~# more /etc/pam.d/common-auth| grep 'ldap\|krb' auth [authinfo_unavail=ignore success=2 default=3] pam_krb5.so minimum_uid=1000 try_first_pass auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so use_first_pass root@kde2:~# more /etc/pam.d/common-account| grep 'ldap\|krb' account [success=1 user_unknown=1 authinfo_unavail=1 default=ignore] pam_ldap.so account required pam_krb5.so minimum_uid=1000 For auth pam_krb5 (samba4) is used, for account pam_ldap (openldap). Problem: if samba (krb5) password expiry and openldap password expiry are not in sync, the login on UCC clients fails (auth pam_krb5 works but account pam_ldap fails)
UCC 1.x / 2.x is out of maintenance. In case this Bug is still relevant please clone with the correct version.