[5326] in testers
Re: Inconsistent handling of KRBTKFILE/KRB5CCNAME by openssh
daemon@ATHENA.MIT.EDU (John Hawkinson)
Mon Apr 28 21:39:58 2003
Date: Mon, 28 Apr 2003 21:39:56 -0400
From: John Hawkinson <jhawk@MIT.EDU>
To: Greg Hudson <ghudson@MIT.EDU>, Garry Zacheiss <zacheiss@MIT.EDU>
Cc: testers@MIT.EDU
Message-ID: <20030429013956.GB27037@multics.mit.edu>
In-Reply-To: <200304290129.h3T1T814029126@brad-majors.mit.edu> <200304281751.h3SHpFaW015659@error-messages.mit.edu>
Greg Hudson <ghudson@MIT.EDU> wrote on Mon, 28 Apr 2003
at 13:51:15 -0400 in <200304281751.h3SHpFaW015659@error-messages.mit.edu>:
> Okay, it's relevant that my sshd was started from an su session, not
> at boot time. I think the culprit is this code excerpt (which is a
> local mod):
>
>     /*
>      * XXX something bad might happen if you did Krb4 at the same time...
>      */
>     if ((cp = getenv("KRBTKFILE")) != NULL)
>             child_set_env(&env, &envsize, "KRBTKFILE", cp);
>
> I don't know what this is trying to accomplish.
I'm not 100% certain, I'm afraid.
Garry Zacheiss <zacheiss@MIT.EDU> wrote on Mon, 28 Apr 2003
at 21:29:08 -0400 in <200304290129.h3T1T814029126@brad-majors.mit.edu>:
> This is code originally written by jhawk that you checked in when you
> did the initial import of OpenSSH 3.0.2p1; I'm not 100% certain what
> its original intent was either, but I suspect it's not responsible for
> any 9.2-specific bugs, and I figure that by invoking jhawk by name,
> we'll get an answer to what the code was trying to do.
The log message was:
----------------------------
revision 1.3
date: 2001/11/12 00:10:57; author: jhawk; state: Exp; lines: +79 -0
Add krb524init support.
Also, pass out KRBTKFILE to the child.
----------------------------
which is not terribly informative. It is my recollection that the 524
functionality did not work properly without it, but I'm having trouble
ascertaining just why that might be, and if so, how it interacts with:

    sprintf(tktname, "KRBTKFILE=/tmp/tkt_p%d",
            getpid());
    putenv(xstrdup(tktname));

I note that just beforehand under an #ifdef _AIX, there is:

    if ((cp = getenv("KRB5CCNAME")) != NULL)
            child_set_env(&env, &envsize, "KRB5CCNAME", cp);

which seems just as screwy.
Sorry this is not so helpful.
[should this be on source-developers?]
--jhawk