[OpenAFS-devel] pam_afs.krb.so.1 ticket file naming problem (from OpenAFS 1.2.1 on)
Jaroslaw Polok
Jaroslaw.Polok@cern.ch
Thu, 1 Nov 2001 11:37:47 +0100 (CET)
I recently saw a problem with kerberos ticket file
naming:
all users logging (telnet) on a (linux) system get same
ticket file name:
/tmp/tkt0
thus subsequent logins overwrite other people
ticket file.
Looking at the code and following execution of call to
pam_afs it seems that ktc_set_tkt_string(val) is not
called before ktc_tkt_string() in the auth sequence and
as the result ticket file name is always build from:
sprintf(krb_ticket_string, "%s%d",TKT_ROOT,getuid());
(within ktc_tkt_string())
which would always give /tmp/tkt0 as ticket file name ...
This looks like a bug introduced somewhere in between
OpenAFS 1.1.1 (where it was OK) and 1.2.1 (1.2.2 suffers
from same problem too). ?
__
-------------------------------------------------------
_ Jaroslaw_Polok ___________________ CERN - IT/PDP/SA _
_ http://home.cern.ch/~jpolok ___ tel_+41_22_767_1834 _
_______________________________________________________