[2641] in Kerberos-V5-bugs

home help back first fref pref prev next nref lref last post

krb5-appl/350: Login still doesn't destroy AFS tokens

daemon@ATHENA.MIT.EDU (Ken Hornstein)
Fri Jan 24 01:37:22 1997

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, kenh@cmf.nrl.navy.mil
Date: Fri, 24 Jan 1997 01:36:20 -0500 (EST)
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU


>Number:         350
>Category:       krb5-appl
>Synopsis:       Ticket destroying code in login.krb5 doesn't work
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Fri Jan 24 01:37:00 EST 1997
>Last-Modified:
>Originator:     Ken Hornstein
>Organization:
Navel Research Lab
	
>Release:        1.0
>Environment:
	
System: SunOS nexus 4.1.4 2 sun4m
Architecture: sun4

>Description:
	
The code in login.krb5 to destroy AFS tokens was re-organized to make
it actually work.  However, it still doesn't (it _almost_ works :-) ).

What happens is that afs_login is called after the login process has
already forked.  This causes two things to happen:

1) Only the child process is in the PAG (ie - the parent isn't, and can't
   access the token).
2) The pagflag variable only gets set in the child, so the parent doesn't
   even _try_ to destroy the token.
>How-To-Repeat:
	
Use kdump to display the AFS token list and observe that tokens aren't getting
destroyed.
>Fix:
	
I'd send a context diff, but I've made a bazillion changes to login and
I can't easily separate those changes out.  The gist is, however, make sure
you call setpag before you fork (I created a separate afs_setpag function).
>Audit-Trail:
>Unformatted:

home help back first fref pref prev next nref lref last post