[3634] in Kerberos-V5-bugs
[krbdev.mit.edu #1056] krb4 tickets cannot be read as root
daemon@ATHENA.MIT.EDU (Sam Hartman via RT)
Mon Nov 11 15:01:35 2002
Mail-Followup-To: rt@krbdev.mit.edu
Message-Id: <rt-1056-3664.16.6620360685461@krbdev.mit.edu>
In-Reply-To: <rt-1056@krbdev.mit.edu>
From: "Sam Hartman via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
Mail-Copies-To: never
To: daniel@unity.ncsu.edu
Cc: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Mon, 11 Nov 2002 14:55:24 -0500 (EST)
Hi. As you theorized in a ticket you opened this February, it is a
design decision that root cannot read other users' krb4 tickets.
I'm not sure why this design decision was made but we are not
interested in examining that decision at this point in the krb4 life
cycle.
Your PAM module and login programs should not be doing Kerberos
credentials cache operations as root. Instead, you should get tickets
as root into a memory cache, verify them against the host keytab, then
later in the setcred or open_session phase, seteuid to the user, write
out the credentials, and write out krb4 tickets. You can setpag and
get AFS tokens at this point or do it in a later PAM module, but you
should do so while setuid to the user.
Using seteuid instead of chown is very important because it will
continue to work even if we move towards Unix sockets or shared memory
for cache representations.
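As an added illustration (not part of this ticket or of MIT's code), the identity switch the reply recommends for the setcred/open_session phase, in C: the krb5/krb4 cache writes are replaced by writing constructed sample bytes, and the function and path names are ours.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Create 'path' (mode 0600) while running with the user's effective uid/gid,
 * so the file is the user's without any chown. Stands in for the
 * setcred-phase krb5/krb4 cache writes. Returns 0 on success, else -1. */
int write_cache_as_user(const char *path, uid_t uid, gid_t gid,
                        const void *buf, size_t len)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, rc = -1;
    /* Group first: once euid is unprivileged, setegid() would be refused. */
    if (setegid(gid) != 0 || seteuid(uid) != 0) {
        (void)setegid(saved_egid);
        return -1;
    }
    /* O_EXCL: never follow a pre-planted symlink or reuse a stale cache. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        if (write(fd, buf, len) == (ssize_t)len) rc = 0;
        if (close(fd) != 0) rc = -1;     /* short write or failed close: */
        if (rc != 0) (void)unlink(path); /* leave no partial cache behind */
    }
    /* Restore uid before gid: root is needed again for setegid() to work. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        _exit(1);                    /* half-restored identity: do not go on */
    return rc;
}

/* Unprivileged self-check: the identity switch is then a no-op, but the
 * ownership, mode and refuse-to-clobber behaviour are exercised. 1 if OK. */
int demo_write_cache(void)
{
    char path[] = "/tmp/krb4cc_example_XXXXXX";   /* assumed scratch location */
    const char ticket[] = "constructed sample bytes, not a real krb4 ticket";
    struct stat st;
    int fd = mkstemp(path), ok;
    if (fd < 0) return 0;
    close(fd);
    unlink(path);                        /* O_EXCL needs the path absent */
    ok = write_cache_as_user(path, getuid(), getgid(), ticket, sizeof ticket) == 0
         && write_cache_as_user(path, getuid(), getgid(), "x", 1) != 0
         && stat(path, &st) == 0 && st.st_uid == getuid()
         && (st.st_mode & 077) == 0 && st.st_size == (off_t)sizeof ticket;
    unlink(path);
    return ok;
}
```

Run as root inside a real module, the same function is called with the authenticated user's pw_uid/pw_gid after the tickets have been verified against the host keytab.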
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs