Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 2292 From kenh@cmf.nrl.navy.mil Fri Jan 24 01:36:25 1997 Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id BAA11308 for ; Fri, 24 Jan 1997 01:36:24 -0500 Received: from [134.207.10.161] by MIT.EDU with SMTP id AA22525; Fri, 24 Jan 97 01:36:23 EST Received: from nexus.cmf.nrl.navy.mil (kenh@nexus.cmf.nrl.navy.mil [134.207.10.9]) by ginger.cmf.nrl.navy.mil (8.7.5/8.7.3) with ESMTP id BAA10462 for ; Fri, 24 Jan 1997 01:36:17 -0500 (EST) Received: (kenh@localhost) by nexus.cmf.nrl.navy.mil (8.7.5/8.6.11) id BAA04990; Fri, 24 Jan 1997 01:36:20 -0500 (EST) Message-Id: <199701240636.BAA04990@nexus.cmf.nrl.navy.mil> Date: Fri, 24 Jan 1997 01:36:20 -0500 (EST) From: Ken Hornstein Reply-To: kenh@cmf.nrl.navy.mil To: krb5-bugs@MIT.EDU Subject: Login still doesn't destroy AFS tokens X-Send-Pr-Version: 3.99 >Number: 350 >Category: krb5-appl >Synopsis: Ticket destroying code in login.krb5 doesn't work >Confidential: no >Severity: non-critical >Priority: medium >Responsible: krb5-unassigned >State: open >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Fri Jan 24 01:37:00 EST 1997 >Last-Modified: >Originator: Ken Hornstein >Organization: Navel Research Lab >Release: 1.0 >Environment: System: SunOS nexus 4.1.4 2 sun4m Architecture: sun4 >Description: The code in login.krb5 to destroy AFS tokens was re-organized to make it actually work. However, it still doesn't (it _almost_ works :-) ). What happens is that afs_login is called after the login process has already forked. This causes two things to happen: 1) Only the child process is in the PAG (ie - the parent isn't, and can't access the token). 2) The pagflag variable only gets set in the child, so the parent doesn't even _try_ to destroy the token. >How-To-Repeat: Use kdump to display the AFS token list and observe that tokens aren't getting destroyed. >Fix: I'd send a context diff, but I've made a bazillion changes to login and I can't easily separate those changes out. The gist is, however, make sure you call setpag before you fork (I created a separate afs_setpag function). >Audit-Trail: >Unformatted: