[2641] in Kerberos-V5-bugs
krb5-appl/350: Login still doesn't destroy AFS tokens
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Fri Jan 24 01:37:22 1997
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, kenh@cmf.nrl.navy.mil
Date: Fri, 24 Jan 1997 01:36:20 -0500 (EST)
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
>Number: 350
>Category: krb5-appl
>Synopsis: Ticket destroying code in login.krb5 doesn't work
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Jan 24 01:37:00 EST 1997
>Last-Modified:
>Originator: Ken Hornstein
>Organization:
Navel Research Lab
>Release: 1.0
>Environment:
System: SunOS nexus 4.1.4 2 sun4m
Architecture: sun4
>Description:
The code in login.krb5 to destroy AFS tokens was re-organized to make
it actually work. However, it still doesn't (it _almost_ works :-) ).
What happens is that afs_login is called after the login process has
already forked. This causes two things to happen:
1) Only the child process is in the PAG (ie - the parent isn't, and can't
access the token).
2) The pagflag variable only gets set in the child, so the parent doesn't
even _try_ to destroy the token.
>How-To-Repeat:
Use kdump to display the AFS token list and observe that tokens aren't getting
destroyed.
>Fix:
I'd send a context diff, but I've made a bazillion changes to login and
I can't easily separate those changes out. The gist is, however, make sure
you call setpag before you fork (I created a separate afs_setpag function).
>Audit-Trail:
>Unformatted: