krb5-1.12 is released
Russ Allbery
eagle at eyrie.org
Thu Jan 9 11:35:18 EST 2014
Simo Sorce <simo at redhat.com> writes:
> This is odd, both sudo and su have 2 variants, one that just changes
> your credentials, and one that actually (supposedly) gives you the
> equivalent of a login shell (su -l and sudo -i). For the latter a new
> session should be actually created and the pam module is appropriate.
> If Debian does not differentiate already ... it looks like a bug.
Debian distinguishes between interactive and noninteractive sessions, yes.
But I don't believe that resetting the session keyring for an interactive
sudo is appropriate, and the author of the pam_keyinit man page seems to
agree with me.
--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list