krb5-1.12 is released
Simo Sorce
simo at redhat.com
Thu Jan 9 11:52:12 EST 2014
On Thu, 2014-01-09 at 08:35 -0800, Russ Allbery wrote:
> Simo Sorce <simo at redhat.com> writes:
>
> > This is odd, both sudo and su have 2 variants, one that just changes
> > your credentials, and one that actually (supposedly) gives you the
> > equivalent of a login shell (su -l and sudo -i). For the latter a new
> > session should be actually created and the pam module is appropriate.
> > If Debian does not differentiate already ... it looks like a bug.
>
> Debian distinguishes between interactive and noninteractive sessions, yes.
> But I don't believe that resetting the session keyring for an interactive
> sudo is appropriate, and the author of the pam_keyinit man page seems to
> agree with me.
Ok, this is getting a little bit off-topic so fell free to ignore or
respond privately. But how does an interactive su/sudo session differ
from a ssh session to localhost ?
In the second case you do create a new session.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Kerberos
mailing list