Problem using pam_krb5 + sshd on Solaris

Parag Godkar paragg at konark.ncst.ernet.in
Fri Nov 22 03:26:12 EST 2002


> Thanks Parag for the information that you use sshd with PrivilegeSeparation.
>
> I also installed it and my problem is resolved.
>
> I think there is a fault in pam_krb5.
>
> I tested the pam_krb5 module with several configurations, debugging it, and got
> these results:
>
> Server   UID   GID  EUID  EGID
> ------------------------------------------------------------------------
> Telnetd  0     10   1005  10
> Sshd     0     1    1005  1     (no separation)
> Sshd     1005  10   1005  10    (with separation with user sshd)
>
> Here 1005 is the ID of the connecting some_user.
> Group 10 is staff.
> Group 1 is other.
>
> pam_krb5 creates the CCache in /etc/krb5cc_1005. It creates it with the EUID.
>
> For sshd without separation the created file /etc/krb5cc_1005 had:
>
> -rw------- some_user other
>
> Then pam_krb5 changes, by means of "chown()", the ownership and group to the user's:
> here to some_user and staff.
>
> This chown() hands back an error.
>
> I think that with this EUID=1005 and EGID=1 it is not possible to change
> this file.
>

Ah, I am very happy to know that and it's time
for me to say as you always say -

Cheers !!

Warm Regards,
Parag Godkar

> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> http://mailman.mit.edu/mailman/listinfo/kerberos
>
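The quoted table can be checked against the restricted-chown rule (_POSIX_CHOWN_RESTRICTED) that applies to a process whose effective UID is not 0. The following is an added example, not code from this thread or from pam_krb5: a simplified model of that rule applied to the three rows. The names `struct creds` and `chown_allowed` are hypothetical, and the empty supplementary group lists are an assumption, since the post does not show them.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Credentials relevant to chown(); the real UID/GID play no part in the check. */
struct creds {
    uid_t euid;
    gid_t egid;
    const gid_t *groups;   /* supplementary groups */
    size_t ngroups;
};

static bool in_group(const struct creds *c, gid_t gid)
{
    if (c->egid == gid)
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Simplified model of restricted chown: EUID 0 may do anything; otherwise the
 * caller must own the file, may not give it away, and may only set a group it
 * belongs to (effective or supplementary). */
bool chown_allowed(const struct creds *c, uid_t file_uid,
                   uid_t new_uid, gid_t new_gid)
{
    if (c->euid == 0)
        return true;
    if (c->euid != file_uid || new_uid != file_uid)
        return false;
    return in_group(c, new_gid);
}

int main(void)
{
    /* EUID/EGID from the quoted table; empty supplementary lists are assumed. */
    const struct creds rows[] = {
        { 1005, 10, NULL, 0 },  /* telnetd */
        { 1005, 1,  NULL, 0 },  /* sshd, no separation */
        { 1005, 10, NULL, 0 },  /* sshd, with separation */
    };
    for (size_t i = 0; i < 3; i++)   /* ccache owned by 1005, target 1005:10 */
        printf("row %zu: chown to 1005:10 %s\n", i,
               chown_allowed(&rows[i], 1005, 1005, 10) ? "allowed" : "EPERM");
    return 0;
}
```

Under these assumptions only the "no separation" row is refused, because group 10 is neither the effective group nor a supplementary group of that process.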



