"Daniel Richard G." <email address hidden> writes:
> What about just punting on upgrades altogether, and putting in the
> rearranged config only on a new install? Could that be done with
> appropriate postinst magic?
The tricky part is coordination. At what point can libpam-krb5 drop the
minimum_uid setting and assume that it's in krb5.conf?
> Alternately, you could pop up a big scary debconf warning... there's
> ample precedent for that.
My concern with this is that I think this only affects a small set of
users of the packages, so I'm reluctant to bother the other ones. One has
to both have a mix of Kerberos-authenticated and non-Kerberos users,
distinguish by UID, and mind the silent Kerberos authentication failure
when handling the UNIX login.
"Daniel Richard G." <email address hidden> writes:
> What about just punting on upgrades altogether, and putting in the
> rearranged config only on a new install? Could that be done with
> appropriate postinst magic?
The tricky part is coordination. At what point can libpam-krb5 drop the
minimum_uid setting and assume that it's in krb5.conf?
> Alternately, you could pop up a big scary debconf warning... there's
> ample precedent for that.
My concern with this is that I think this only affects a small set of authenticated and non-Kerberos users,
users of the packages, so I'm reluctant to bother the other ones. One has
to both have a mix of Kerberos-
distinguish by UID, and mind the silent Kerberos authentication failure
when handling the UNIX login.
-- www.eyrie. org/~eagle/>
Russ Allbery (<email address hidden>) <http://