From owner-freebsd-security Tue Feb 20 19:38: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id BD60C37B401; Tue, 20 Feb 2001 19:38:03 -0800 (PST) (envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.1/8.11.1) with SMTP id f1L3c2h21555; Tue, 20 Feb 2001 22:38:03 -0500 (EST) (envelope-from robert@fledge.watson.org)
Date: Tue, 20 Feb 2001 22:38:02 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: assar@FreeBSD.org
Cc: "Brian F. Feldman" , security@FreeBSD.org
Subject: Re: PAM/SSH and KerberosIV?
In-Reply-To: <5l8zn0ajfe.fsf@assaris.sics.se>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 21 Feb 2001 assar@FreeBSD.org wrote:

> Robert Watson writes:
> > However, this seems to have broken using unique kerberos ticket filenames
> > for each session -- now it always uses /tmp/tkt1000 for uid 1000, rather
> > than /tmp/tkt1000_randomnumber, meaning that if you log in twice, the
> > first logout hoses the tickets for the second session. This didn't happen
> > previously, and is probably an issue with pam_kerberosIV.so that I didn't
> > run into previously since I always logged in via SSH. It's probably not a
> > security hole as presumably KTH does the right thing with regards to
> > O_EXCL and so on, but it's not ideal.
>
> That's what src/lib/libpam/modules/pam_kerberosIV/klogin.c does, and
> yes, it should be perfectly safe.

OK, so I was right in surmising that it is not a security hole. Any hope of
moving to a model with ticket filenames created using mkstemp? Right now
multiple SSH sessions use the same ticket file, so when any of them logs out,
all sessions lose their ticket. This is a substantial downturn compared to
before pam_kerberosIV in SSH.
Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
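The two ticket-file models discussed in the message, as an added example that is not code from the thread and not FreeBSD's pam_kerberosIV/klogin.c: a per-session file named with mkstemp() (the model Robert asks for), next to a model of the shared tkt<uid> name he describes, showing why the first logout takes the second session's tickets with it. The ticket directory ($TMPDIR, else /tmp), the uid 1000 from the thread, the placeholder file contents, and the shared-name demo living in a private mkdtemp() directory are all assumptions made for the example.

```c
/* Added example, not code from the thread or from FreeBSD's
 * pam_kerberosIV/klogin.c: per-session KerberosIV ticket files named with
 * mkstemp(), beside a model of the shared /tmp/tkt<uid> name the message
 * complains about.  Directory, uid and file contents are assumptions. */
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define TKT_PATH_MAX 256

/* Where ticket files live: $TMPDIR if set, else /tmp (KerberosIV used /tmp). */
static const char *ticket_dir(void) {
    const char *d = getenv("TMPDIR");
    return (d && *d) ? d : "/tmp";
}

/* Proposed model: one unique file per login session.  mkstemp() fills the
 * XXXXXX suffix randomly and opens with O_CREAT|O_EXCL and mode 0600, so a
 * planted file or symlink at the chosen name is refused, never followed.
 * Writes the final path into 'path'; returns the fd, or -1 with errno set. */
int create_session_ticket_file(uid_t uid, char *path, size_t pathlen) {
    int n = snprintf(path, pathlen, "%s/tkt%lu_XXXXXX", ticket_dir(),
                     (unsigned long)uid);
    if (n < 0 || (size_t)n >= pathlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(path);
}

/* Check a practitioner would add: regular file, mode 0600, owned by us. */
int ticket_file_private(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return 0;
    return S_ISREG(st.st_mode) && (st.st_mode & 0777) == 0600 &&
           st.st_uid == geteuid();
}

/* Two logins for the same uid, then the first logs out (unlinks its file).
 * Returns 1 if the second session's tickets survive, 0 otherwise. */
int per_session_files_survive_logout(void) {
    char p1[TKT_PATH_MAX], p2[TKT_PATH_MAX];
    int fd1 = create_session_ticket_file(1000, p1, sizeof p1);
    int fd2 = create_session_ticket_file(1000, p2, sizeof p2);
    int ok = 0;
    if (fd1 < 0 || fd2 < 0) goto out;
    if (write(fd2, "ticket", 6) != 6) goto out;      /* stand-in for a TGT */
    if (strcmp(p1, p2) == 0) goto out;               /* names must differ */
    if (!ticket_file_private(fd1) || !ticket_file_private(fd2)) goto out;
    unlink(p1);                                      /* session 1 logs out */
    ok = access(p2, R_OK) == 0;                      /* session 2 unaffected */
out:
    if (fd1 >= 0) close(fd1);
    if (fd2 >= 0) { close(fd2); unlink(p2); }
    return ok;
}

/* Shared-name model as the message describes it: both sessions use tkt<uid>.
 * Modelled inside a private mkdtemp() directory so the demo touches nothing
 * real.  Returns 1 if the first logout destroys the second session's tickets,
 * 0 if not, -1 if the demo could not be set up. */
int shared_file_logout_hoses_other_session(void) {
    char dir[TKT_PATH_MAX], path[TKT_PATH_MAX];
    int fd1 = -1, fd2 = -1, hosed = 0;
    snprintf(dir, sizeof dir, "%s/tktdemo_XXXXXX", ticket_dir());
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/tkt%lu", dir, 1000UL);
    fd1 = open(path, O_WRONLY | O_CREAT, 0600);      /* session 1 */
    fd2 = open(path, O_WRONLY | O_CREAT, 0600);      /* session 2: same file */
    if (fd1 >= 0 && fd2 >= 0) {
        unlink(path);                                /* session 1 logs out */
        hosed = access(path, R_OK) != 0;             /* session 2 has no file */
    }
    if (fd1 >= 0) close(fd1);
    if (fd2 >= 0) close(fd2);
    unlink(path);
    rmdir(dir);
    return hosed;
}

int main(void) {
    printf("per-session files survive logout: %d\n",
           per_session_files_survive_logout());
    printf("shared file hosed by first logout: %d\n",
           shared_file_logout_hoses_other_session());
    return 0;
}
```

The security point the thread settles is the O_EXCL one: both models refuse to reuse or follow a pre-existing name, and mkstemp() gives that for free. The usability point is the distinct name per session; a logout that unlinks its own random-suffixed file cannot touch a sibling session's tickets, which is exactly what the fixed name cannot guarantee.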