[3354] in Kerberos-V5-bugs
krb5-appl/1110: login(8) sets KRB5CCNAME different to klist(1)
daemon@ATHENA.MIT.EDU (darrenr@chiron.nabaus.com.au)
Tue May 21 04:29:32 2002
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@mit.edu, darrenr@chiron.nabaus.com.au
Message-Id: <200205210827.SAA12282@chiron.rais.nabaus.com.au>
From: darrenr@chiron.nabaus.com.au
Reply-To: darrenr@chiron.nabaus.com.au
To: krb5-bugs@mit.edu
Cc: darrenr@chiron.nabaus.com.au
Errors-To: krb5-bugs-admin@mit.edu
Date: Tue, 21 May 2002 18:27:47 +1000 (EST)
>Number: 1110
>Category: krb5-appl
>Synopsis: login(8) sets KRB5CCNAME different to klist(1)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue May 21 04:28:01 EDT 2002
>Last-Modified:
>Originator: Darren Reed
>Organization:
Optimation
>Release: krb5-1.2.5
>Environment:
System: SunOS chiron 5.5.1 Generic_103640-34 sun4u sparc SUNW,Ultra-2
Architecture: sun4
>Description:
When logging in, login.krb5 sets $KRB5CCNAME to /tmp/krb5cc_p<PID>
whereas klist uses /tmp/krb5cc_<UID>. So if we are logged in to a
host and then telnet back to itself and log in as ourselves, klist will
not display any tickets.
>How-To-Repeat:
L1$ unset KRB5CCNAME
L1$ kinit
<enter password>
L1$ klist
<displays tickets>
L1$ telnet -x localhost
L2$ klist
<no tickets displayed>
>Fix:
login.krb5 should be more intelligent about its choice for $KRB5CCNAME.
If it can see a krb5cc_<UID> that is owned by the right UID and has
adequate permissions, perhaps it should set $KRB5CCNAME to that instead.
>Audit-Trail:
>Unformatted:
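The check suggested under >Fix: (reuse /tmp/krb5cc_<UID> only when it is owned by the right UID and has adequate permissions), sketched as an added example; it is not part of the original report and is not code from login.krb5. The function names ccache_is_safe, choose_ccname and demo_choice are hypothetical, and the temporary directory and file are constructed test data.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if path is a regular file owned by uid with no
 * group/other access and one hard link. lstat() rejects planted symlinks. */
int ccache_is_safe(const char *path, uid_t uid)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;                   /* missing, symlink, directory, ... */
    if (st.st_uid != uid || (st.st_mode & (S_IRWXG | S_IRWXO)))
        return 0;                   /* wrong owner, or group/other access */
    return st.st_nlink == 1;        /* not hard-linked under another name */
}

/* krb5cc_<UID> if it passes the check (returns 1), else krb5cc_p<PID> (0). */
int choose_ccname(char *out, size_t len, const char *dir, uid_t uid, pid_t pid)
{
    snprintf(out, len, "%s/krb5cc_%lu", dir, (unsigned long)uid);
    if (ccache_is_safe(out, uid))
        return 1;
    snprintf(out, len, "%s/krb5cc_p%ld", dir, (long)pid);
    return 0;
}

/* Constructed fixture: private temp dir holding krb5cc_<UID> with `mode`. */
int demo_choice(mode_t mode)
{
    char dir[] = "/tmp/ccdemoXXXXXX", path[64], out[64];
    int fd, r;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/krb5cc_%lu", dir, (unsigned long)getuid());
    fd = open(path, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || fchmod(fd, mode) != 0) return -1;
    close(fd);
    r = choose_ccname(out, sizeof out, dir, getuid(), getpid());
    unlink(path);
    rmdir(dir);
    return r;
}

int main(void)
{
    printf("0600 -> %d\n0644 -> %d\n", demo_choice(0600), demo_choice(0644));
    return 0;
}
```

The lstat() result can go stale before the cache is opened, so whatever later opens the file should re-check ownership and mode with fstat() on the open descriptor.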