[3279] in Kerberos-V5-bugs
pending/1024: FTPd no user home directory on Solaris causes hang
daemon@ATHENA.MIT.EDU (cthallen@aol.net)
Thu Dec 6 12:37:03 2001
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: gnats-admin@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@MIT.EDU, cthallen@aol.net
Message-Id: <200112061736.MAA09891@darkthunder.office.aol.com>
Date: Thu, 6 Dec 2001 12:36:33 -0500 (EST)
From: cthallen@aol.net
Reply-To: cthallen@aol.net
To: krb5-bugs@mit.edu
Cc: syssec@aol.net
>Number: 1024
>Category: pending
>Synopsis: FTPd no user home directory on Solaris causes hang during login
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Dec 6 12:37:00 EST 2001
>Last-Modified:
>Originator: Chris Hallenbeck
>Organization:
>Release: krb5-1.2.2
>Environment:
System: SunOS ktest 5.7 Generic_106541-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4
>Description:
When using MIT ftp client to connect to an MIT (or Cygnus Kerbnet) ftp
daemon -- where the target host is Solaris 2.6 or newer, the login process will
hang if the target user does not have an accessible home directory (bad perms
or non-existant path).
>How-To-Repeat:
1) Remove/rename home directory of target user on a Solaris 2.6 or newer host.
2) ftp to target host, when prompted for a username, enter the target user that
has no home directory
You will receive a banner similar to:
232 GSSAPI user ________@TEST.COM is authorized as _target-user_
and the connection will hang.
3) Performing a clear-text login using the OS-supplied ftp client will NOT encounter
this hang. It appears that the "230- No directory! Logging in with home=/" error
message from the MIT ftp daemon confuses the MIT ftp client.
>Fix:
1) If practical, create a user home directory (not always possible due to policy/politics).
2) Use encrypted rcp. :-(
>Audit-Trail:
>Unformatted:
