[OpenAFS-devel] pam_afs.krb.so.1 ticket file naming problem (from OpenAFS 1.2.1 on)

Jaroslaw Polok Jaroslaw.Polok@cern.ch
Thu, 1 Nov 2001 11:37:47 +0100 (CET)


 I recently saw a problem with kerberos ticket file
naming: 

 all users logging (telnet) on a (linux) system get same 
 ticket file name:
 
   /tmp/tkt0 

 thus subsequent logins overwrite other people
 ticket file.

Looking at the code and following execution of call to
pam_afs it seems that ktc_set_tkt_string(val) is not
called before ktc_tkt_string() in the auth sequence and
as the result ticket file name is always build from:

sprintf(krb_ticket_string, "%s%d",TKT_ROOT,getuid());

(within ktc_tkt_string())

which would always give /tmp/tkt0 as ticket file name ... 

This looks like a bug introduced somewhere in between
OpenAFS 1.1.1 (where it was OK) and 1.2.1 (1.2.2 suffers
from same problem too). ?

__
-------------------------------------------------------
_ Jaroslaw_Polok ___________________ CERN - IT/PDP/SA _
_ http://home.cern.ch/~jpolok ___ tel_+41_22_767_1834 _
_______________________________________________________