Ticket History #2158: Krb4 popups must be disabled in leash when attempting to obtain AFS tokens

# Fri Jan 23 02:33:59 2004 jaltman (Jeffrey Altman) - Ticket #2146: - Ticket created

Subject:	What mechanism ENV variable or other should be used to disable automatic kinit popups?
Cc:	mjv@mit.edu

Download (untitled) / with headers
text/plain 293B

Now that there are automatic kinit popups provided in gssapi and some
krb5 functions there needs to be a method for disabling them for
programs which absolutely do not want them.

If this has been implemented in KfM, what mechanism was used?

This should be in 1.3.2 for both KfM and KfW.

# Fri Jan 23 02:34:38 2004 jaltman (Jeffrey Altman) - Ticket #2146: - Component krb5-libs added

# Fri Jan 23 02:34:38 2004 jaltman (Jeffrey Altman) - Ticket #2146: - Version_reported 1.3.2 added

# Sat Jan 24 11:17:18 2004 jaltman (Jeffrey Altman) - Ticket created

Subject:	Krb4 popups must be disabled in leash when attempting to obtain AFS tokens
Cc:	mjv@mit.edu

Download (untitled) / with headers
text/plain 283B

If the current realm is Krb5 only and there is no krb524 or krb4 support
in that realm, then an attempt to obtain an AFS token for a cell with
the same name as the realm will produce a kinit dialog from
krb_mk_req(). We need to disable popups within the Leash_afs_klog()
function.

# Sat Jan 24 11:17:58 2004 jaltman (Jeffrey Altman) - Ticket 2158 DependsOn ticket 2146.

# Sat Jan 24 11:18:21 2004 jaltman (Jeffrey Altman) - Ticket #2146: - Target_Version 1.3.2 added

# Sat Jan 24 11:46:22 2004 jaltman (Jeffrey Altman) - Correspondence added

Download (untitled) / with headers
text/plain 262B

I have added code to address this by checking the return value of
krb_get_cred() in the initial attempt. If the response is NO_TKT_FIL
then I abort the attempt to obtain AFS tokens via krb4.

This avoids the call to krb_mk_req() which displays the kinit dialog

# Sat Jan 24 11:48:23 2004 jaltman (Jeffrey Altman) - Status changed from 'new' to 'open'

# Sat Jan 24 11:48:23 2004 jaltman (Jeffrey Altman) - Correspondence added

Download (untitled) / with headers
text/plain 254B

Of course, the previous fix is wrong since Leash_afs_klog() is supposed
to be callable from programs other than Leash which might want the kinit
dialog to be displayed.

Once we have an ENV to disable this the Leash will have to set it upon
startup.

# Mon Jan 26 16:43:51 2004 lxs (Alexandra Ellwood) - Ticket #2146: - Correspondence added

Download (untitled) / with headers
text/plain 336B

Show quoted text

> If this has been implemented in KfM, what mechanism was used?

KLL will not automatically generate the dialog if the environment
variable KERBEROSLOGIN_NEVER_PROMPT is set, or if the caller calls the
private API

KLStatus __KLSetAutomaticPrompting (KLBoolean inAllowAutomaticPrompting);

with inAllowAutomaticPrompting set to FALSE.

# Mon Jan 26 16:53:37 2004 jaltman (Jeffrey Altman) - Ticket #2146: - Stolen from lxs (Alexandra Ellwood)

# Fri Jan 30 19:03:42 2004 jaltman (Jeffrey Altman) - Ticket #2146: - Queue changed from krb5 to kfw

# Sat Jan 31 04:35:40 2004 jaltman (Jeffrey Altman) - Ticket #2146: - Ticket 2146 MergedInto ticket 2158.

# Sat Jan 31 14:42:54 2004 jaltman (Jeffrey Altman) - Status changed from 'open' to 'resolved'

# Sat Jan 31 14:42:55 2004 jaltman (Jeffrey Altman) - Comments added

Download (untitled) / with headers
text/plain 106B

Support for the KERBEROSLOGIN_NEVER_PROMPT environment variable committed
to Leash, Kclient, and Krbv4w32