[850] in arla-drinkers
problems with PAG and ARLA
daemon@ATHENA.MIT.EDU (Holger Trapp)
Wed May 26 03:06:57 1999
Date: Wed, 26 May 1999 08:52:15 +0200 (MEST)
From: Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE>
Reply-To: Holger.Trapp@Informatik.TU-Chemnitz.DE
To: arla-drinkers@stacken.kth.se
Subject: problems with PAG and ARLA
Message-ID: <Pine.LNX.4.10.9905260841120.1912-100000@kirke.informatik.tu-chemnitz.de>

Hello,

I came across a little problem when using SSH 1.2.26 with Dug Song's AFS
patches "ssh-1.2.26-afs-kerberos.patch-1"
(http://www.monkey.org/~dugsong/ssh-afs-kerberos.html) on a machine running
ARLA 0.24 and Linux 2.2.9. My Arla installation uses the KTH Kerberos package
krb4-0.9.9.

In the Secure Shell daemon the PAG is set correctly by k_setpag() but
afterwards destroyed by initgroups(). Below you see an example. I added some
debug messages to sshd. The IDs are printed by the standard tool 'id' which is
invoked via system(). This is an ugly hack, I know, but should show the
relevant info:

before initgroups
uid=0(root) gid=100(users) groups=33536,32513,0(root),1(bin),14(uucp),15(shadow),16(dialout),65534(nogroup)
after initgroups
uid=0(root) gid=100(users) groups=100(users),0(root),0(root),11(httpd)

When running Derek Atkins' port of AFS 3.3a on Linux 2.0.36 the PAG is kept:

before initgroups
uid=0(root) gid=100(users) groups=33536,32513,0(root),1(bin),14(uucp),15(shadow),16(dialout),65534(nogroup)
after initgroups
uid=0(root) gid=100(users) groups=33536,32513,100(users),0(root),0(root),11(httpd)

Might this be an ARLA-specific problem or should it be handled by the AFS
patches for SSH, e.g. by using getgroups()/setgroups()? What could such a
solution look like?

Cheers,
Holger
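
Added example, not part of the message above and not code from sshd, Arla or the AFS patches: a sketch of the getgroups()/setgroups() approach the message asks about, saving the PAG pair before initgroups() and reinstalling it afterwards. The names merge_pag_groups, initgroups_keep_pag, have_pag, PAG_SLOTS and MAX_GIDS are hypothetical, and it assumes the PAG occupies the first two supplementary group slots, as in the id output quoted in the message.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1  /* glibc: expose initgroups()/setgroups() */
#endif
#include <sys/types.h>
#include <unistd.h>
#include <grp.h>

#define PAG_SLOTS 2   /* assumption: PAG = first two supplementary gids */
#define MAX_GIDS 256  /* example limit; getgroups() fails if exceeded */

/* Build the list to install after initgroups(): the saved PAG pair from
 * `before`, then the groups initgroups() left in `after`.
 * Returns the new count, or -1 if there is no pair or `out` is too small. */
int merge_pag_groups(const gid_t *before, int nbefore,
                     const gid_t *after, int nafter,
                     gid_t *out, int outcap)
{
    int i, n = 0, kept;
    if (nbefore < PAG_SLOTS || nafter < 0)
        return -1;
    /* PAG already survived (the AFS 3.3a case in the message): add nothing. */
    kept = nafter >= PAG_SLOTS &&
           after[0] == before[0] && after[1] == before[1];
    if (nafter + (kept ? 0 : PAG_SLOTS) > outcap)
        return -1;               /* never silently drop a group */
    if (!kept)
        for (i = 0; i < PAG_SLOTS; i++)
            out[n++] = before[i];
    for (i = 0; i < nafter; i++)
        out[n++] = after[i];
    return n;
}

/* Replacement for a bare initgroups() call in a daemon running as root.
 * have_pag must be nonzero only if k_setpag() just succeeded; otherwise the
 * first two gids are the daemon's own groups and must not be carried over. */
int initgroups_keep_pag(const char *user, gid_t gid, int have_pag)
{
    gid_t before[MAX_GIDS], after[MAX_GIDS], merged[MAX_GIDS];
    int nb, na, nm;
    if (!have_pag)
        return initgroups(user, gid);
    if ((nb = getgroups(MAX_GIDS, before)) < 0 || initgroups(user, gid) < 0)
        return -1;
    if ((na = getgroups(MAX_GIDS, after)) < 0)
        return -1;
    nm = merge_pag_groups(before, nb, after, na, merged, MAX_GIDS);
    return nm < 0 ? -1 : setgroups((size_t)nm, merged);
}
```

A caller should treat a -1 return as fatal for the login, since at that point the user's groups may be set while the PAG is gone.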