sshd, Tiger and KRB5CCNAME

Alexandra Ellwood lxs at MIT.EDU
Fri Aug 25 14:58:58 EDT 2006 


Is the CCAPI patch even in what went out in the Tiger security  
update?  AFAICT, it's not, so perhaps the machines where it isn't  
working have taken the update and the others have not.


On Aug 25, 2006, at 2:00 PM, <simon at sxw.org.uk> wrote:

>
> I think that this behaviour appeared with the last Tiger update.  
> Someone here spotted it today - it seems to be a bug in Apple's  
> OpenSSH package (I haven't yet checked if the bug is also in the  
> CCAPI portion of my patch)
>
> Simon.
> -----Original Message-----
>
> From:  "Booker C. Bense" <bbense at stanford.edu>
> Subj:  sshd, Tiger and KRB5CCNAME
> Date:  Fri 25 Aug 2006 18:23
> Size:  1K
> To:  kerberos at mit.edu
>
>
> I'm running into a very odd bug with the default sshd on Tiger and
> using gssapi w/ credential forwarding. Basically, the credentials
> forward just fine but at some point the session gets
>
> KRB5CCNAME=FILE:krb5cc_[uid]
>
> rather than the proper
>
> KRB5CCNAME=API:krb5cc_[uid]
>
> As far as I can tell there is nothing in the configuration
> that is setting this variable, and if you reset it in the ssh
> session to it's proper value everything works. On what "should"
> be identically configured machines, or I can't find any difference
> between them, the less used machine will do the correct thing,
> but the one that's had more logins does the wrong thing. Or at
> least that's the only difference I can find between machines that
> have the problem and ones that don't.
>
> Is anyone aware of any condition in the OS X kerberos code where it
> will somehow set KRB5CCNAME to the FILE value? I realize I'm grasping
> at straws here, but I'm really puzzled by this.
>
> _ Booker C. Bense
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

--lxs

Alexandra Ellwood <lxs at mit.edu>
MIT Kerberos Development Team
<http://mit.edu/lxs/www>

More information about the Kerberos mailing list