[OpenAFS] Changes for Mosaic's AFS cell...

Derrick J Brashear shadow@dementia.org
Thu, 6 Apr 2006 14:14:25 -0400 (EDT)

On Thu, 6 Apr 2006, Christopher Allen Wing wrote:

>> What does Linux have to do with it? I had a module which worked on Linux 
>> and Solaris in 1998 or so... which handled all 3 cases
> I was aware of this behavior with some Linux PAM modules, I'm not familiar 
> with what every other OS and every other other PAM module did, that's all.

Fair. I'd argue targeting one platform is crappy, but I actually gave up 
on pam like 5 years ago as futile.

>> but did not honor env, though I suppose with the relevant checks you could 
>> avoid the attack I was concerned about... which at this point I no longer 
>> even remember the details of.
> On these particular (Linux) systems, xscreensaver didn't run as root, so you 
> couldn't attack it by feeding it an incorrect $KRB5CCNAME.

Actually, now I do remember. 1) a primitive I wanted didn't exist in krb4 
and so i was doing something ugly and 2) whether you were root or yourself 
was not well-defined and so there was some hoop-jumpoing to make sure the 
ticket file ended up being owned correctly which was made harder if you 
wanted to reuse an existing ticket file.