I found out that the pam_krb5-3.8 module by Russ Allbery from bug 163840 comment 22 does not provide an ignore_unknown_principal option, which might be needed for migration. Further investigations turned up a version 2.2.18 by Nalin Dahyabhai from RedHat (see URL) which seems to be closely related to the 2.2.6 currently in portage without any keywords. Should those two get different package names?
Created attachment 133773 [details, diff] Patch from 2.2.6 to 2.2.18 ebuild Changes: 1. Version adjusted 2. No RPM but tarball for sources 3. afs USE flag 4. Better quoting This ebuild compiles cleanly on a stable x86 with heimdal.
Yeah wonderful, let's have 3 different forks that noone maintains. Seriously, move your concerns/feature requests upstream because this is plain insane.
See bug #199370 for a follow-up.
*** Bug 199370 has been marked as a duplicate of this bug. ***
I haven't tried this yet, but I guess that the effect of the ignore_unknown_principal option mentioned in comment 0 could be duplicated by some more advanced PAM configuration, namely by specifying user_unknown=ignore as part of the control value. Therefore I see no immediate need for this module here, and would be happy if this bug here stays closed and bug 163840 gets fixed.
