Problems with ksu in krb5-1.4.1

Heilke, Rainer Rainer.Heilke at atcoitek.com
Wed Jun 15 12:12:49 EDT 2005


A co-worker has been having strange problems testing krb5-1.4.1, and
asked me to post the following:

We are running Solaris 8 with krb5-1.4.1 installed. We just upgraded
from 1.3.4 (with patches). We use Sun's pam_krb5 and subsequent SEAM
libraries to sign in. We need to use MIT's kit because Solaris 8's SEAM
doesn't include all the tools we need.  

One odd thing we've noticed is that somehow ksu is causing a lock-up
when you try to login twice. i.e.

window1: sign in to hosta as usera (ssh/telnet/ftp, doesn't matter)
window1: ksu to root (or any other ID via .k5login) from usera
window2: try to sign in to hosta as usera
window2: you can authenticate, but the session freezes and won't give
         you a shell
window1: exit from root shell
window2: the frozen session continues and gives you a shell. 

Very odd. As soon as we rollback our krb5 binaries to 1.3.4, the
behaviour of ksu is fixed. 

As far as I can see, this is an issue with only ksu as nothing else in
1.4.1 is giving us problems. 

ksu does not appear to be doing anything odd to the credentials cache,
so why would the sessions freeze like this ?

Any insight is appreciated. 

Thanks. 

Rainer Heilke
Unix Systems Administrator
ATCO I-Tek
Phone:  780-420-7806
Fax:  780-420-3939
Email:  rainer.heilke at atcoitek.com

The information transmitted is intended only for the addressee and may
contain confidential, proprietary and/or privileged material. Any
unauthorized review, distribution or other use of or the taking of any
action in reliance upon this information is prohibited. If you receive
this in error, please contact the sender and delete or destroy this
message and any copies. 



More information about the Kerberos mailing list