Comment 3 for bug 579826

Hi Steve,

I've played around with this a bit, and it seems to work as intended. The only odd result I was able to get was with the following sequence of actions:

1. Enable the "krb5" profile.

2. Edit minimum_uid=1000 to some other value (say, 2000) in /etc/pam.d/common-*.

3. Edit minimum_uid=1000 to yet another value (say, 3000) in /usr/share/pam-configs/krb5.

4. pam-auth-update

5. Now, pam_krb5 is being passed e.g. "minimum_uid=3000 try_first_pass minimum_uid=2000".

Step #3 could be considered a foul, but it's a possibility if some PAM-module package gets updated.