[krbdev.mit.edu #8397] ksu does not obey k5login_directory
Robbie Harwood via RT
rt-comment at krbdev.mit.edu
Tue Apr 26 16:44:07 EDT 2016
ksu does not seem to care about the value of k5login_directory, instead
hardcoding $HOME/.k5login. This looks like so:
[root at kerberos.ravnica x86_64]# grep k5login_directory /etc/krb5.conf
k5login_directory = /etc/k5login
[root at kerberos.ravnica x86_64]# cat /etc/k5login/testuser
rharwood at RAVNICA
[root at kerberos.ravnica x86_64]# strace -f -o /tmp/ksu.out sudo -u rharwood ksu testuser -n rharwood
Authenticated rharwood at RAVNICA
Account testuser: authorization of rharwood at RAVNICA failed
[root at kerberos.ravnica x86_64]# grep k5login /tmp/ksu.out
1492 stat("/home/testuser/.k5login", 0x7ffdc4d07770) = -1 ENOENT (No such file or directory)
[root at kerberos.ravnica x86_64]#
This bug was reported downstream as
https://bugzilla.redhat.com/show_bug.cgi?id=1329998
Thanks!
More information about the krb5-bugs
mailing list