From thomas@pongo.cs.wisc.edu Wed Sep 13 17:46:10 2000
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id RAA21012
for <bugs@RT-11.MIT.EDU>; Wed, 13 Sep 2000 17:46:09 -0400 (EDT)
Received: from pongo.cs.wisc.edu (pongo.cs.wisc.edu [128.105.162.13])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id RAA07145
for <krb5-bugs@mit.edu>; Wed, 13 Sep 2000 17:46:09 -0400 (EDT)
Received: from pongo.cs.wisc.edu (localhost [127.0.0.1])
by pongo.cs.wisc.edu (8.9.2/8.9.2) with ESMTP id QAA09340
for <krb5-bugs@mit.edu>; Wed, 13 Sep 2000 16:46:08 -0500 (CDT)
Message-Id: <200009132146.QAA09340@pongo.cs.wisc.edu>
Date: Wed, 13 Sep 2000 16:46:08 -0500
From: David Thompson <thomas@cs.wisc.edu>
Cc: krb5-bugs@mit.edu
In-Reply-To: Message from David Thompson <thomas@pongo.cs.wisc.edu>
of "Tue, 05 Sep 2000 14:27:16 CDT."
Subject: Re: telnetd doesn't chown ticket file
From: Tom Yu <tlyu@MIT.EDU>
To: thomas@cs.wisc.edu
Cc: krb5-bugs@MIT.EDU
Subject: Re: pending/886: Re: telnetd doesn't chown ticket file
Date: Wed, 7 Feb 2001 15:37:22 -0500 (EST)
Please send replies with subject line pending/883. Note that merely
sending to krb5-bugs won't get you an ack, since it has to be
manuallly processed in that case, and we tend to be able to process
bugs sent by way of krb5-send-pr more efficiently.
I'll send more in the correct PR.
---Tom
State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Wed Feb 7 15:38:17 2001
State-Changed-Why:
Replies should go to 883.
Hi all:
I never got a reply to this message. Can anyone give me any information on
this??
Even an ack "Yes it's a problem" or "never heard of it" would be helpful.
Thanks.
Dave
David Thompson wrote:
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id RAA21012
for <bugs@RT-11.MIT.EDU>; Wed, 13 Sep 2000 17:46:09 -0400 (EDT)
Received: from pongo.cs.wisc.edu (pongo.cs.wisc.edu [128.105.162.13])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id RAA07145
for <krb5-bugs@mit.edu>; Wed, 13 Sep 2000 17:46:09 -0400 (EDT)
Received: from pongo.cs.wisc.edu (localhost [127.0.0.1])
by pongo.cs.wisc.edu (8.9.2/8.9.2) with ESMTP id QAA09340
for <krb5-bugs@mit.edu>; Wed, 13 Sep 2000 16:46:08 -0500 (CDT)
Message-Id: <200009132146.QAA09340@pongo.cs.wisc.edu>
Date: Wed, 13 Sep 2000 16:46:08 -0500
From: David Thompson <thomas@cs.wisc.edu>
Cc: krb5-bugs@mit.edu
In-Reply-To: Message from David Thompson <thomas@pongo.cs.wisc.edu>
of "Tue, 05 Sep 2000 14:27:16 CDT."
Subject: Re: telnetd doesn't chown ticket file
Show quoted text
>Number: 886
>Category: pending
>Synopsis: Re: telnetd doesn't chown ticket file
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Sep 13 17:47:00 EDT 2000
>Last-Modified: Wed Feb 7 15:38:29 EST 2001
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Category: pending
>Synopsis: Re: telnetd doesn't chown ticket file
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Sep 13 17:47:00 EDT 2000
>Last-Modified: Wed Feb 7 15:38:29 EST 2001
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
From: Tom Yu <tlyu@MIT.EDU>
To: thomas@cs.wisc.edu
Cc: krb5-bugs@MIT.EDU
Subject: Re: pending/886: Re: telnetd doesn't chown ticket file
Date: Wed, 7 Feb 2001 15:37:22 -0500 (EST)
Please send replies with subject line pending/883. Note that merely
sending to krb5-bugs won't get you an ack, since it has to be
manuallly processed in that case, and we tend to be able to process
bugs sent by way of krb5-send-pr more efficiently.
I'll send more in the correct PR.
---Tom
State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Wed Feb 7 15:38:17 2001
State-Changed-Why:
Replies should go to 883.
Show quoted text
>Unformatted:
>On a linux build of krb5-1.2.1, using the -l option of telnet causes
>problems.
>
>For example, with a ticket for 'usera', running:
>
>% telnet -a -F -l userb <host>
>
>fails with:
>
>Trying a.b.c.d...
>Connected to <host>.cs.wisc.edu (a.b.c.d).
>Escape character is '^]'.
>[ Kerberos V5 accepts you as ``usera@CS.WISC.EDU'' ]
>[ Kerberos V5 accepted forwarded credentials ]
>Password for userb:
>operator: unknown RPC error (-1765328188) when initializing cache
>k5token: unknown RPC error (-1765328190) failure on principal
>Connection closed by foreign host.
>
>In 1.2.1, when telnetd passes the ticket cache on to login.krb5, the ticket
>cache is still owned by root. When login.krb5 tries to delete the cache
>and recreate it (as userb), it fails, and things fall apart rapidly
>after that.
>
>Restoring the 'chown' at the bottom of
>.../appl/telnet/libtelnet/forward.c that was removed from 1.0 to 1.2.1
>allows the login to work. However, I assume there was a reason why
>the chown was removed. Is there a better fix for this problem?
>
>--
>Dave Thompson <thomas@cs.wisc.edu>
>
>Associate Researcher Department of Computer Science
>University of Wisconsin-Madison http://www.cs.wisc.edu/~thomas
>1210 West Dayton Street Phone: (608)-262-1017
>Madison, WI 53706-1685 Fax: (608)-262-6626
>--
>
>
>
>
>On a linux build of krb5-1.2.1, using the -l option of telnet causes
>problems.
>
>For example, with a ticket for 'usera', running:
>
>% telnet -a -F -l userb <host>
>
>fails with:
>
>Trying a.b.c.d...
>Connected to <host>.cs.wisc.edu (a.b.c.d).
>Escape character is '^]'.
>[ Kerberos V5 accepts you as ``usera@CS.WISC.EDU'' ]
>[ Kerberos V5 accepted forwarded credentials ]
>Password for userb:
>operator: unknown RPC error (-1765328188) when initializing cache
>k5token: unknown RPC error (-1765328190) failure on principal
>Connection closed by foreign host.
>
>In 1.2.1, when telnetd passes the ticket cache on to login.krb5, the ticket
>cache is still owned by root. When login.krb5 tries to delete the cache
>and recreate it (as userb), it fails, and things fall apart rapidly
>after that.
>
>Restoring the 'chown' at the bottom of
>.../appl/telnet/libtelnet/forward.c that was removed from 1.0 to 1.2.1
>allows the login to work. However, I assume there was a reason why
>the chown was removed. Is there a better fix for this problem?
>
>--
>Dave Thompson <thomas@cs.wisc.edu>
>
>Associate Researcher Department of Computer Science
>University of Wisconsin-Madison http://www.cs.wisc.edu/~thomas
>1210 West Dayton Street Phone: (608)-262-1017
>Madison, WI 53706-1685 Fax: (608)-262-6626
>--
>
>
>
>
Hi all:
I never got a reply to this message. Can anyone give me any information on
this??
Even an ack "Yes it's a problem" or "never heard of it" would be helpful.
Thanks.
Dave
David Thompson wrote:
Show quoted text
>