Comment 6 for bug 275169

For comparison, here's the /usr/share/pam-configs/krb5 I've been using locally for testing:

Name: Kerberos authentication
Default: yes
Priority: 704
Auth-Type: Primary
Auth:
 [success=end default=ignore] pam_krb5.so minimum_uid=1000 try_first_pass
Auth-Initial:
 [success=end default=ignore] pam_krb5.so minimum_uid=1000
Account-Type: Primary
Account:
 [success=end new_authtok_reqd=done default=ignore] pam_krb5.so
Password-Type: Primary
Password:
 requisite pam_krb5.so use_authtok try_first_pass minimum_uid=1000
Password-Initial:
 requisite pam_krb5.so minimum_uid=1000

Bryan, does this config look like it's compatible with your setup? Could you test that it works in your environment, in which case I'll upload it to jaunty?

BTW, I've never needed to use the pam_krb5 session module. As far as I'm aware, that only exists as a workaround for services that don't call pam_setcred() as expected. Do you know of specific cases where this is needed in your environment?