ksu roleuser -z breaks in krb5_cc_initialize()
peter duff
duffpl at yahoo.com
Tue Jun 17 17:50:54 EDT 2003
Hi all - I'm trying ksu with the -Z option.
I need -Z (or -z) because otherwise its possible for
two users to become a third user and point to the
other user's tgt.
Basically the process fails as below:
[kduff at host src]$ ksu roleuser -Z
Authenticated kduff at REALM
Account roleuser: authorization for kduff at REALM
successful
Changing uid to roleuser (123)
ksu: Permission denied roleuser does not have correct
permissions for /tmp/krb5cc_123.1, ksu aborted
ls -l confirms that the new ticket gets created as
root by virtue of krb5_cc_initialize() being called
when ksu is uid 0.
-rw------- 1 root kduff 43 Jun 17
00:31 /tmp/krb5cc_123.1
The relevant portion of code is in ccache.c in
krb5_ccache_filter().
Am I doing something silly or is this a known bug ?
P.
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
More information about the krbdev
mailing list