Date: Thu, 17 Oct 2013 18:45:27 -0400
Subject: ksu assumes the invoking user's using a FILE: ccache

>Submitter-Id: net
>Confidential: no
>Synopsis: ksu assumes the invoking user's using a FILE: ccache
>Severity: non-critical
>Priority: low
>Category: krb5-clients
>Class: sw-bug
>Release: 1.11.3

System: Linux 3.11.2-301.fc20.x86_64 #1 SMP Fri Sep 27 19:45:03 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64

We've been testing with default_ccache_name set to DIR: and KEYRING:
types, and it appears that ksu isn't able to read creds from them.

1. Add your test principal name to root's .k5login
2. Set KRB5CCNAME to point to a DIR: ccache collection
3. Use kinit to get credentials and store them in the collection
4. Attempt to ksu - ksu will fail to read current creds and will go on to
   attempt to fetch new ones.

The code uses stat() on the residual name in several places, but it's
the failure of the check at ccache.c:80 that appears to cause it to
ignore my ccache. Skipping the stat() call, and always attempting to
read the cache, seems to make ksu do the right thing, but I haven't
really thought about any other implications.

Subject: git commit

In ksu, don't stat() not-on-disk ccache residuals

Don't assume that ccache residual names are filenames which we can
stat() usefully. Instead, use helper functions to call the library
routines to try to read the default principal name from caches, and
use whether or not that succeeds as an indication of whether or not
there's a ccache in a given location.
Author: Nalin Dahyabhai <>
Committer: Greg Hudson <>
Commit: 9ebae7cb434b9b177c0af85c67a6d6267f46bc68
Branch: master
src/clients/ksu/ccache.c | 60 +++++++++++++++++++-------------
src/clients/ksu/heuristic.c | 13 +------
src/clients/ksu/ksu.h | 8 +++-
src/clients/ksu/main.c | 79 +++++++++----------------------------------
4 files changed, 60 insertions(+), 100 deletions(-)
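
The failure mode described in the report, as an added example (not code from ksu or from the commit above): a stat() on the residual answers "is there a cache here?" only for FILE-type names, and reports a miss for DIR: and KEYRING: names even when credentials exist. The cache names, the /tmp/ksu_demo_ file and the function names are constructed for this sketch, which treats a name without a TYPE: prefix as a bare path.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Residual of "TYPE:residual"; this sketch treats a name without ':' as a bare path. */
static const char *cc_residual(const char *name)
{
    const char *colon = strchr(name, ':');
    return colon ? colon + 1 : name;
}

/* The kind of check the report describes: treat the residual as a path and stat() it. */
int stat_finds_cache(const char *name)
{
    struct stat st;
    return stat(cc_residual(name), &st) == 0;
}

/* stat() can only answer the existence question for FILE-type names. */
int stat_is_meaningful(const char *name)
{
    const char *colon = strchr(name, ':');
    return colon == NULL || (colon - name == 4 && strncmp(name, "FILE", 4) == 0);
}

/* Create an empty temp file (constructed stand-in for an on-disk cache file). */
int make_demo_file(char *path, size_t len)
{
    snprintf(path, len, "/tmp/ksu_demo_XXXXXX");
    int fd = mkstemp(path);
    if (fd >= 0)
        close(fd);
    return fd >= 0;
}

int main(void)
{
    /* names[2] is a constructed KEYRING name: nothing with that name is on disk. */
    char path[64], names[3][96] = { "", "", "KEYRING:persistent:demo" };
    if (!make_demo_file(path, sizeof(path)))
        return 1;
    snprintf(names[0], sizeof(names[0]), "FILE:%s", path);
    snprintf(names[1], sizeof(names[1]), "DIR::%s", path); /* same file, DIR subsidiary form */
    for (int i = 0; i < 3; i++)
        printf("%-40s stat=%d meaningful=%d\n", names[i],
               stat_finds_cache(names[i]), stat_is_meaningful(names[i]));
    unlink(path);
    return 0;
}
```

The DIR:: row points at the same file as the FILE: row, yet the stat() check misses it because the residual is not the path itself.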