Skip Menu |
 

From: Robbie Harwood <rharwood@redhat.com>
To: krb5-bugs@mit.edu
Subject: ksu does not obey k5login_directory
Date: Tue, 26 Apr 2016 15:17:42 -0400
ksu does not seem to care about the value of k5login_directory, instead
hardcoding $HOME/.k5login. This looks like so:

[root@kerberos.ravnica x86_64]# grep k5login_directory /etc/krb5.conf
k5login_directory = /etc/k5login
[root@kerberos.ravnica x86_64]# cat /etc/k5login/testuser
rharwood@RAVNICA
[root@kerberos.ravnica x86_64]# strace -f -o /tmp/ksu.out sudo -u rharwood ksu testuser -n rharwood
Authenticated rharwood@RAVNICA
Account testuser: authorization of rharwood@RAVNICA failed
[root@kerberos.ravnica x86_64]# grep k5login /tmp/ksu.out
1492 stat("/home/testuser/.k5login", 0x7ffdc4d07770) = -1 ENOENT (No such file or directory)
[root@kerberos.ravnica x86_64]#

This bug was reported downstream as
https://bugzilla.redhat.com/show_bug.cgi?id=1329998

Thanks!
Download signature.asc
application/pgp-signature 818B

Message body not shown because it is not plain text.