Date:      21 Feb 2001 10:41:39 +0100
From:      assar@FreeBSD.org
To:        Robert Watson <rwatson@FreeBSD.org>
Cc:        "Brian F. Feldman" <green@FreeBSD.org>, security@FreeBSD.org
Subject:   Re: PAM/SSH and KerberosIV?
Message-ID:  <5lhf1ov0do.fsf@assaris.sics.se>
In-Reply-To: Robert Watson's message of "Tue, 20 Feb 2001 22:38:02 -0500 (EST)"
References:  <Pine.NEB.3.96L.1010220223638.21285A-100000@fledge.watson.org>

Robert Watson <rwatson@FreeBSD.org> writes:
> Any hope of moving to a model with ticket filenames created using
> mkstemp?

That could be done.  The simple patch is, however, to do what ssh was
doing by itself, which would be like the following:

/assar

Index: klogin.c
===================================================================
RCS file: /home/ncvs/src/lib/libpam/modules/pam_kerberosIV/klogin.c,v
retrieving revision 1.11
diff -u -w -u -w -r1.11 klogin.c
--- klogin.c	2000/02/24 22:24:37	1.11
+++ klogin.c	2001/02/21 09:39:29
@@ -104,9 +104,11 @@
 	 */
 
 	if (strcmp(instance, "root") != 0)
-		(void)sprintf(tkt_location, "%s%d", TKT_ROOT, pw->pw_uid);
+		(void)sprintf(tkt_location, "%s%d_%u", TKT_ROOT, pw->pw_uid,
+			      getpid());
 	else {
-		(void)sprintf(tkt_location, "%s_root_%d", TKT_ROOT, pw->pw_uid);
+		(void)sprintf(tkt_location, "%s_root_%d_%u", TKT_ROOT,
+			      pw->pw_uid, getpid());
 		krbtkfile_env = tkt_location;
 	}
 	(void)krb_set_tkt_string(tkt_location);
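
Review bot: The getpid() suffix added in both sprintf calls makes the ticket file name unique per process, but the name is still fully determined by the uid and the pid, so it stays predictable and the path can already exist when the ticket file is created. This does not give the guarantee the mkstemp request was after. Consider building a template ending in XXXXXX under TKT_ROOT and calling mkstemp, or at least creating the file with O_CREAT|O_EXCL and failing if it exists. Two smaller points on the same lines: the format strings are now longer but still go through unbounded sprintf into tkt_location, so snprintf with sizeof(tkt_location) would be safer, and getpid() returns a pid_t that is printed with %u without a cast, so cast it to unsigned or use a matching conversion.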
