[5321] in testers
Inconsistent handling of KRBTKFILE/KRB5CCNAME by openssh
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Apr 27 13:16:05 2003
Date: Sun, 27 Apr 2003 13:16:00 -0400
Message-Id: <200304271716.h3RHG0of019128@error-messages.mit.edu>
From: Greg Hudson <ghudson@MIT.EDU>
To: testers@MIT.EDU
I've been sshing to localhost using RSA authentication in order to
test some non-work-related code. I've noticed that when I do so, my
KRB5CCNAME is reset to krb5cc_p<pid> but my KRBTKFILE is inherited
from the client, so I have krb4 tickets and not krb5 tickets. Logging
out of course destroys my krb4 tickets and leaves behind my krb5
tickets.
This isn't a terribly high-priority bug since we don't encourage RSA
authentication, but it still seems poor.
(This is on a 9.2 Linux box; I don't know if 9.1 behaves the same
way.)
