krb5-appl/1110: login(8) sets KRB5CCNAME different to klist(1)
darrenr@chiron.nabaus.com.au
Tue May 21 04:27:47 EDT 2002
>Number: 1110
>Category: krb5-appl
>Synopsis: login(8) sets KRB5CCNAME different to klist(1)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue May 21 04:28:01 EDT 2002
>Last-Modified:
>Originator: Darren Reed
>Organization:
Optimation
>Release: krb5-1.2.5
>Environment:
System: SunOS chiron 5.5.1 Generic_103640-34 sun4u sparc SUNW,Ultra-2
Architecture: sun4
>Description:
When logging in, login.krb5 sets $KRB5CCNAME to /tmp/krb5cc_p<PID>
whereas klist uses /tmp/krb5cc_<UID>. So if we are logged in to a
host and then telnet back to itself and log in as ourselves, klist will
not display any tickets.
>How-To-Repeat:
L1$ unset KRB5CCNAME
L1$ kinit
<enter password>
L1$ klist
<displays tickets>
L1$ telnet -x localhost
L2$ klist
<no tickets displayed>
>Fix:
login.krb5 should be more intelligent about its choice for $KRB5CCNAME.
If it can see a krb5cc_<UID> that is owned by the right UID and has
adequate permissions, perhaps it should set $KRB5CCNAME to that instead.
>Audit-Trail:
>Unformatted:
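
Added example, not part of the original report and not code from the krb5 source: one way to express in C the check proposed under >Fix. The names ccache_usable and choose_ccname and the dir parameter are hypothetical, and "adequate permissions" is assumed to mean owner read/write with no group or other access.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if path is a credential cache that uid may reuse, else 0. */
static int ccache_usable(const char *path, uid_t uid)
{
    struct stat st;

    /* lstat, not stat: a symlink planted in a shared /tmp is not followed. */
    if (lstat(path, &st) != 0)
        return 0;
    if (!S_ISREG(st.st_mode))               /* rejects symlinks, dirs, FIFOs */
        return 0;
    if (st.st_uid != uid)                   /* "owned by the right UID" */
        return 0;
    if (st.st_mode & (S_IRWXG | S_IRWXO))   /* any group/other bit is too open */
        return 0;
    if ((st.st_mode & (S_IRUSR | S_IWUSR)) != (S_IRUSR | S_IWUSR))
        return 0;                           /* owner needs read and write */
    return 1;
}

/* Fill out with the KRB5CCNAME value to use. Returns 1 if the existing
 * per-UID cache is reused, 0 for the per-PID fallback, -1 if out is too small. */
static int choose_ccname(char *out, size_t len, const char *dir, uid_t uid, pid_t pid)
{
    int n = snprintf(out, len, "%s/krb5cc_%lu", dir, (unsigned long)uid);
    if (n < 0 || (size_t)n >= len)
        return -1;
    if (ccache_usable(out, uid))
        return 1;
    n = snprintf(out, len, "%s/krb5cc_p%ld", dir, (long)pid);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char name[256];
    int r = choose_ccname(name, sizeof name, "/tmp", getuid(), getpid());
    if (r < 0) return 1;
    printf("KRB5CCNAME=%s (%s)\n", name, r ? "existing per-UID cache" : "new per-PID cache");
    return 0;
}
```

The lstat result is only a snapshot: the file can change between this check and the later open, so whatever opens the cache still has to do so safely.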