ksu roleuser -z breaks in krb5_cc_initialize()

peter duff duffpl at yahoo.com
Tue Jun 17 17:50:54 EDT 2003

Hi all - I'm trying ksu with the -Z option.  

I need -Z (or -z) because otherwise its possible for
two users to become a third user and point to the
other user's tgt.

Basically the process fails as below:

[kduff at host src]$ ksu roleuser -Z
Authenticated kduff at REALM
Account roleuser: authorization for kduff at REALM
Changing uid to roleuser (123)
ksu: Permission denied roleuser does not have correct
permissions for /tmp/krb5cc_123.1, ksu aborted

ls -l confirms that the new ticket gets created as
root by virtue of krb5_cc_initialize() being called
when ksu is uid 0.

-rw-------    1 root     kduff          43 Jun 17
00:31 /tmp/krb5cc_123.1

The relevant portion of code is in ccache.c in

Am I doing something silly or is this a known bug ?


Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!

More information about the krbdev mailing list