Date: Tue, 20 Feb 2001 22:38:02 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.org>
To: assar@FreeBSD.org
Cc: "Brian F. Feldman" <green@FreeBSD.org>, security@FreeBSD.org
Subject: Re: PAM/SSH and KerberosIV?
Message-ID: <Pine.NEB.3.96L.1010220223638.21285A-100000@fledge.watson.org>
In-Reply-To: <5l8zn0ajfe.fsf@assaris.sics.se>
On 21 Feb 2001 assar@FreeBSD.org wrote:

> Robert Watson <rwatson@FreeBSD.org> writes:
> > However, this seems to have broken using unique kerberos ticket filenames
> > for each session -- now it always uses /tmp/tkt1000 for uid 1000, rather
> > than /tmp/tkt1000_randomnumber, meaning that if you log in twice, the
> > first logout hoses the tickets for the second session. This didn't happen
> > previously, and is probably an issue with pam_kerberosIV.so that I didn't
> > run into previously since I always logged in via SSH. It's probably not a
> > security hole as presumably KTH does the right thing with regards to
> > O_EXCL and so on, but it's not ideal.
>
> That's what src/lib/libpam/modules/pam_kerberosIV/klogin.c does, and
> yes, it should be perfectly safe.

Ok, so I was right in surmising it's not a security hole. Any hope of moving
to a model with ticket filenames created using mkstemp? Right now multiple
SSH sessions use the same ticket file, so when any of them logs out, all
sessions lose their ticket. This is a substantial down-turn compared to
before pam_kerberosIV in SSH.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
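The two ticket-file schemes discussed in the message above, written out as an added C example that is not part of the thread and not a transcription of klogin.c or pam_kerberosIV: a shared per-uid path ("/tmp/tkt<uid>") created with O_CREAT|O_EXCL, beside a per-session path ("/tmp/tkt<uid>_XXXXXX") created with mkstemp(). The simulation runs two logins for one uid, logs the first one out, and checks whether the second session's ticket file survived. The directory, file names, the "reuse the existing file on EEXIST" fallback that reproduces the shared-file behaviour, and the logout-as-unlink model are all assumptions made for the demonstration.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Shared-name scheme, as the thread describes it: every session of a uid uses
 * the same path "<dir>/tkt<uid>". Creation uses O_EXCL, so a symlink planted
 * at that path is never followed (hence "not a security hole"). The fallback
 * to reusing an existing file on EEXIST is an assumption of this example that
 * reproduces the shared-file behaviour: both sessions now use one file. */
static int open_shared_ticket(const char *dir, uid_t uid, char *path, size_t len)
{
    int fd;
    snprintf(path, len, "%s/tkt%u", dir, (unsigned)uid);
    fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0 && errno == EEXIST)
        fd = open(path, O_RDWR | O_NOFOLLOW);   /* still refuse a symlink */
    return fd;
}

/* Per-session scheme, as the message asks for: mkstemp() on
 * "<dir>/tkt<uid>_XXXXXX" creates a fresh, uniquely named file with
 * O_CREAT|O_EXCL, so two logins never share a ticket file. */
static int open_session_ticket(const char *dir, uid_t uid, char *path, size_t len)
{
    mode_t old;
    int fd;
    snprintf(path, len, "%s/tkt%u_XXXXXX", dir, (unsigned)uid);
    old = umask(077);               /* older libcs created mkstemp() files 0666 */
    fd = mkstemp(path);
    umask(old);
    if (fd >= 0 && fchmod(fd, 0600) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Logout: destroy the session's credential cache, as a session close would
 * (assumed model: close the descriptor and unlink the path). */
static void logout_session(int fd, const char *path)
{
    close(fd);
    unlink(path);
}

/* Two logins for the same uid, then the first logs out.
 * Returns 1 if session 2 still has its ticket file, 0 if session 1's logout
 * destroyed it, -1 on error. Runs in a private mkdtemp() directory. */
int ticket_survives_other_logout(int per_session)
{
    char dir[] = "/tmp/tktdemo_XXXXXX";        /* constructed scratch location */
    char p1[sizeof dir + 64], p2[sizeof dir + 64];
    uid_t uid = getuid();
    int fd1, fd2, survives;

    if (mkdtemp(dir) == NULL)
        return -1;
    fd1 = per_session ? open_session_ticket(dir, uid, p1, sizeof p1)
                      : open_shared_ticket(dir, uid, p1, sizeof p1);
    fd2 = per_session ? open_session_ticket(dir, uid, p2, sizeof p2)
                      : open_shared_ticket(dir, uid, p2, sizeof p2);
    if (fd1 < 0 || fd2 < 0) {
        if (fd1 >= 0) logout_session(fd1, p1);
        if (fd2 >= 0) logout_session(fd2, p2);
        rmdir(dir);
        return -1;
    }
    logout_session(fd1, p1);                   /* first session logs out */
    survives = (access(p2, F_OK) == 0);        /* does session 2 still have tickets? */
    close(fd2);
    unlink(p2);                                /* no-op if already gone */
    rmdir(dir);
    return survives;
}

int main(void)
{
    printf("shared name : session 2 ticket survives = %d\n", ticket_survives_other_logout(0));
    printf("per-session : session 2 ticket survives = %d\n", ticket_survives_other_logout(1));
    return 0;
}
```

Both schemes are safe against a symlink planted at a predictable name, because in each case the file is created with O_EXCL; the difference is purely that mkstemp() gives every login its own name, so one session's logout cannot remove another's credential cache.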