[5382] in Kerberos
Re: "su: may not be called from rc script" under eklogin, OSF/1
daemon@ATHENA.MIT.EDU (pjpark@MIT.EDU)
Wed Jun 14 11:28:14 1995
From: pjpark@MIT.EDU
To: shutton@habanero.ucs.indiana.edu (Scott Hutton)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "13 Jun 1995 21:36:39 GMT."
<3rl0d7$duh@usenet.ucs.indiana.edu>
Date: Wed, 14 Jun 1995 11:11:41 EDT
Your "su: may not be called from rc script" under OSF/1 enhanced security
comes from the fact that Kerberos' login modules are not aware of the
underlying security architecture.
The Kerberos rlogind was started by inetd, and since inetd doesn't have a
login uid associated with it, neither does rlogind or login and when you go to
do your "su", it doesn't either. Since, the only processes that are
supposed to be without login uids are the primordial processes run from the
rc scripts, this is the message you get.
Hope this answers your question,
-Paul
