[OpenAFS-devel] pam_afs.krb.so.1 ticket file naming problem (from OpenAFS 1.2.1 on)
Derek Atkins
openafs-devel@openafs.org
19 Feb 2002 10:31:09 -0500
This implies that either KRBTKFILE is not being set properly, or the
'KRBTKFILE autocreation' is running in root's context instead of the
user's context. I don't know enough about the PAM implementation to
tell you which is happening.
-derek
Rudolph T Maceyko <rtm@cert.org> writes:
> I *still* see this problem with OpenAFS-1.2.3 (locally built from the
> SRPM for Red Hat 7.2 but w/o any source changes).
>
> auth sufficient /lib/security/pam_afs.krb.so try_first_pass ignore_root setenv_password_expires
>
> Now what? :-)
>
> Red Hat 7.2 +all errata
>
> Thanks,
> -Rudy
>
> --On Friday, November 02, 2001 02:50:13 -0500 Derrick J Brashear
> <shadow@dementia.org> wrote:
>
> > On Thu, 1 Nov 2001, Jaroslaw Polok wrote:
> >
> >> I recently saw a problem with Kerberos ticket file
> >> naming:
> >>
> >> all users logging in (telnet) on a (linux) system get the same
> >> ticket file name:
> >>
> >> /tmp/tkt0
> >>
> .
> .
> .
> > Previously the code in afs_auth.c which called ka_VerifyUserPassword
> > set KA_USERAUTH_DOSETPAG in addition to KA_USERAUTH_VERSION whereas
> > now setpag() is called explicitly. I believe if after the calls to
> > setpag() in afs_auth.c and afs_setcred.c you add:
> >
> > #ifdef AFS_KERBEROS_ENV
> > ktc_newpag();
> > #endif
> >
> > and compile, it will fix your problem.
--
Derek Atkins
Computer and Internet Security Consultant
derek@ihtfp.com www.ihtfp.com