Skip Menu |

From: Robbie Harwood <>
Subject: ksu does not obey k5login_directory
Date: Tue, 26 Apr 2016 15:17:42 -0400
ksu does not seem to care about the value of k5login_directory, instead
hardcoding $HOME/.k5login. This looks like so:

[root@kerberos.ravnica x86_64]# grep k5login_directory /etc/krb5.conf
k5login_directory = /etc/k5login
[root@kerberos.ravnica x86_64]# cat /etc/k5login/testuser
[root@kerberos.ravnica x86_64]# strace -f -o /tmp/ksu.out sudo -u rharwood ksu testuser -n rharwood
Authenticated rharwood@RAVNICA
Account testuser: authorization of rharwood@RAVNICA failed
[root@kerberos.ravnica x86_64]# grep k5login /tmp/ksu.out
1492 stat("/home/testuser/.k5login", 0x7ffdc4d07770) = -1 ENOENT (No such file or directory)
[root@kerberos.ravnica x86_64]#

This bug was reported downstream as

Download signature.asc
application/pgp-signature 818B

Message body not shown because it is not plain text.