From root@inception.smyrph.net Thu Jul 19 22:11:17 2001 Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53]) by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id WAA09803 for ; Thu, 19 Jul 2001 22:11:17 -0400 (EDT) Received: from inception.smyrph.net (root@inception.smyrph.net [66.92.69.137]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id WAA28064 for ; Thu, 19 Jul 2001 22:11:16 -0400 (EDT) Received: (from root@localhost) by inception.smyrph.net (8.10.2/8.10.2) id f6K2BGK03448; Thu, 19 Jul 2001 22:11:16 -0400 Message-Id: <200107200211.f6K2BGK03448@inception.smyrph.net> Date: Thu, 19 Jul 2001 22:11:16 -0400 From: david@smyrph.net Reply-To: david@smyrph.net To: krb5-bugs@mit.edu Subject: login.krb5 doesn't fetch tickets for root? X-Send-Pr-Version: 3.99 >Number: 980 >Category: krb5-appl >Synopsis: login.krb5 doesn't fetch tickets for root? >Confidential: no >Severity: non-critical >Priority: medium >Responsible: krb5-unassigned >State: open >Class: change-request >Submitter-Id: unknown >Arrival-Date: Thu Jul 19 22:12:00 EDT 2001 >Last-Modified: >Originator: me? >Organization: just my personal things - smyrph.net >Release: krb5-1.2.2 >Environment: Linux, slackware 7.1, Intel P3 System: Linux inception.smyrph.net 2.4.5-ac21 #2 Thu Jun 28 23:13:43 EDT 2001 i686 unknown Architecture: i686 >Description: sometimes annoying how login.krb5 doesn't fetch tickets for root. >How-To-Repeat: set login.krb5 for your /bin/login (symlink...), login as root, then try running klist - which won't show any tickets! >Fix: This patch lets you add "kinit_root = 1" to [login] in krb5.conf to request login.krb5 to attempt fetching tickets even for root. I left the default for kinit_root not attempt fetching root tickets - to comply with existing behavior. (the patch also corrects an annoyance w/ login.krb5 clearing struct winsize on linux - sent a separate PR) diff -u --new-file --recursive krb5-1.2.2/src/appl/bsd/login.c krb5-1.2.2.noclearwinsize/src/appl/bsd/login.c --- krb5-1.2.2/src/appl/bsd/login.c Wed Feb 28 17:06:43 2001 +++ krb5-1.2.2.noclearwinsize/src/appl/bsd/login.c Thu Jul 19 21:41:22 2001 @@ -60,6 +60,8 @@ int login_accept_passwd = 0; +int login_kinit_root = 0; + /* * login [ name ] * login -r hostname (for rlogind) @@ -113,6 +115,7 @@ * initializing these values anyway -- tcgetattr *should* give * them reasonable defaults... */ #define NO_INIT_CC +#define NO_SET_TIOCSWINSZ #endif #include @@ -348,6 +351,7 @@ "krb4_get_tickets", &login_krb4_get_tickets, "krb4_convert", &login_krb4_convert, "krb4_run_aklog", &login_krb_run_aklog, + "kinit_root", &login_kinit_root, #endif /* KRB5_KRB4_COMPAT */ }; @@ -1291,7 +1295,7 @@ lpass_ok = unix_passwd_okay(user_pwstring); - if (pwd->pw_uid != 0) { /* Don't get tickets for root */ + if (pwd->pw_uid != 0 || login_kinit_root) { /* Don't get tickets for root */ try_krb5(&me, user_pwstring); #ifdef KRB4_GET_TICKETS @@ -1438,11 +1442,13 @@ quietlog = access(HUSHLOGIN, F_OK) == 0; dolastlog(quietlog, tty); +#ifndef NO_SET_TIOCSWINSZ if (!hflag && !rflag && !kflag && !Kflag && !eflag) { /* XXX */ static struct winsize win = { 0, 0, 0, 0 }; (void)ioctl(0, TIOCSWINSZ, (char *)&win); } +#endif (void)chown(ttyn, pwd->pw_uid, (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); >Audit-Trail: >Unformatted: