krb5-1.12 is released
Simo Sorce
simo at redhat.com
Thu Jan 9 09:24:35 EST 2014
On Wed, 2014-01-08 at 18:46 -0800, Russ Allbery wrote:
> Greg Hudson <ghudson at MIT.EDU> writes:
>
> > Arguably we should also be lobbying Debian and Ubuntu and Gentoo to
> > fix #1, so that session keyrings have the intended semantics.
>
> The difficulty in doing this in the system PAM configuration in Debian at
> least is that one generally should not do this for su and related
> programs, just for login processes. The current Debian configuration
> system doesn't provide a separate common-session for those types of
> sessions.
>
> I'll file a wishlist bug for this in Debian, but it's going to be kind of
> tricky.

This is odd, both sudo and su have 2 variants, one that just changes
your credentials, and one that actually (supposedly) gives you the
equivalent of a login shell (su -l and sudo -i). For the latter a new
session should be actually created and the pam module is appropriate.
If Debian does not differentiate already ... it looks like a bug.

Simo.
--
Simo Sorce * Red Hat, Inc * New York