Skip Menu |
 

Download (untitled) / with headers
text/plain 3.4KiB
From root@inception.smyrph.net Thu Jul 19 22:11:17 2001
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.72.0.53])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id WAA09803
for <bugs@RT-11.mit.edu>; Thu, 19 Jul 2001 22:11:17 -0400 (EDT)
Received: from inception.smyrph.net (root@inception.smyrph.net [66.92.69.137])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id WAA28064
for <krb5-bugs@mit.edu>; Thu, 19 Jul 2001 22:11:16 -0400 (EDT)
Received: (from root@localhost)
by inception.smyrph.net (8.10.2/8.10.2) id f6K2BGK03448;
Thu, 19 Jul 2001 22:11:16 -0400
Message-Id: <200107200211.f6K2BGK03448@inception.smyrph.net>
Date: Thu, 19 Jul 2001 22:11:16 -0400
From: david@smyrph.net
Reply-To: david@smyrph.net
To: krb5-bugs@mit.edu
Subject: login.krb5 doesn't fetch tickets for root?
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 980
>Category: krb5-appl
>Synopsis: login.krb5 doesn't fetch tickets for root?
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Thu Jul 19 22:12:00 EDT 2001
>Last-Modified:
>Originator: me?
>Organization:
just my personal things - smyrph.net
Show quoted text
>Release: krb5-1.2.2
>Environment:
Linux, slackware 7.1, Intel P3
System: Linux inception.smyrph.net 2.4.5-ac21 #2 Thu Jun 28 23:13:43 EDT 2001 i686 unknown
Architecture: i686

Show quoted text
>Description:
sometimes annoying how login.krb5 doesn't fetch tickets for root.
Show quoted text
>How-To-Repeat:
set login.krb5 for your /bin/login (symlink...), login as root, then try
running klist - which won't show any tickets!
Show quoted text
>Fix:
This patch lets you add "kinit_root = 1" to [login] in krb5.conf to
request login.krb5 to attempt fetching tickets even for root. I left
the default for kinit_root not attempt fetching root tickets - to
comply with existing behavior. (the patch also corrects an annoyance w/
login.krb5 clearing struct winsize on linux - sent a separate PR)
diff -u --new-file --recursive krb5-1.2.2/src/appl/bsd/login.c krb5-1.2.2.noclearwinsize/src/appl/bsd/login.c
--- krb5-1.2.2/src/appl/bsd/login.c Wed Feb 28 17:06:43 2001
+++ krb5-1.2.2.noclearwinsize/src/appl/bsd/login.c Thu Jul 19 21:41:22 2001
@@ -60,6 +60,8 @@

int login_accept_passwd = 0;

+int login_kinit_root = 0;
+
/*
* login [ name ]
* login -r hostname (for rlogind)
@@ -113,6 +115,7 @@
* initializing these values anyway -- tcgetattr *should* give
* them reasonable defaults... */
#define NO_INIT_CC
+#define NO_SET_TIOCSWINSZ
#endif

#include <errno.h>
@@ -348,6 +351,7 @@
"krb4_get_tickets", &login_krb4_get_tickets,
"krb4_convert", &login_krb4_convert,
"krb4_run_aklog", &login_krb_run_aklog,
+ "kinit_root", &login_kinit_root,
#endif /* KRB5_KRB4_COMPAT */
};

@@ -1291,7 +1295,7 @@

lpass_ok = unix_passwd_okay(user_pwstring);

- if (pwd->pw_uid != 0) { /* Don't get tickets for root */
+ if (pwd->pw_uid != 0 || login_kinit_root) { /* Don't get tickets for root */
try_krb5(&me, user_pwstring);

#ifdef KRB4_GET_TICKETS
@@ -1438,11 +1442,13 @@
quietlog = access(HUSHLOGIN, F_OK) == 0;
dolastlog(quietlog, tty);

+#ifndef NO_SET_TIOCSWINSZ
if (!hflag && !rflag && !kflag && !Kflag && !eflag) { /* XXX */
static struct winsize win = { 0, 0, 0, 0 };

(void)ioctl(0, TIOCSWINSZ, (char *)&win);
}
+#endif

(void)chown(ttyn, pwd->pw_uid,
(gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid);
Show quoted text
>Audit-Trail:
>Unformatted: