Date: Tue, 25 Feb 2003 08:50:25 -0600
From: Tillman <tillman@seekingfire.com>
To: FreeBSD-Questions <freebsd-questions@freebsd.org>
Subject: krb5 port and permissions on forwarded credentials
Message-ID: <20030225085025.E17975@seekingfire.com>

Howdy,

When running telnetd (for example) under inetd like this:

    telnet stream tcp nowait root /usr/local/krb5/sbin/telnetd telnetd -a user

and logging in as a non-root user (the most likely scenario), the
credentials cache is not chown'ed to the user (remaining 600 root:wheel).

klist returns this:

    $ klist
    klist: Credentials cache permissions incorrect while setting cache flags (ticket cache FILE:/tmp/krb5cc_p3866)

This effectively means that forwarded credentials don't work.

After reading README.FreeBSD (provided by the port), I believe that this
is because the FreeBSD /usr/bin/login program doesn't know that it's
supposed to manage cache permissions and that using login.krb5 instead
will fix this. I'd prefer not to do this - I agree with the port author
that /usr/bin/login is the better way to go.

Is there a place where I can configure the default login process to
change the ownership of the cache file? I suspect that this will boil
down to a PAM problem, but I don't know enough of the details of the
/usr/bin/login authentication process to take it any further.

TIA,

- Tillman

--
Dialects: Formerly variations in language produced by geographic
isolation, dialects are now the variations encouraged by specialists to
prevent non-specialists access to their professional territory. What is
the one subject on which a nuclear engineer cannot be frank in public?
Nuclear engineering.
    The Doubter's Companion: A Dictionary of Aggressive Common Sense
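
Added example, not part of the original message or of the krb5 port: a small sh function that checks a FILE: credentials cache for the condition described above (cache left owned by root instead of the logged-in user, or a mode other than 600). The function name check_ccache and its return codes are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the krb5 port).
# check_ccache CCNAME UID
#   CCNAME  cache name as klist reports it, e.g. FILE:/tmp/krb5cc_p3866
#   UID     numeric uid of the user who must be able to use the cache
# Returns 0 if usable, 1 on wrong owner/mode, 2 unsupported type, 3 missing.
check_ccache() {
    ccname=$1
    want_uid=$2

    # Only FILE: caches (or bare absolute paths) are files on disk.
    case $ccname in
        FILE:*) path=${ccname#FILE:} ;;
        /*)     path=$ccname ;;
        *)      echo "unsupported cache type: $ccname"; return 2 ;;
    esac

    # Refuse symlinks: a cache in /tmp should be a plain file.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "missing or not a regular file: $path"; return 3
    fi

    # ls -ln prints: mode links uid gid ... ; keep mode and numeric owner.
    set -- $(ls -ln "$path" | awk '{ print $1, $3 }')
    mode=$1
    owner=$2

    rc=0
    if [ "$owner" != "$want_uid" ]; then
        echo "owner uid $owner, expected $want_uid: cache was not chown'ed to the user"
        rc=1
    fi
    case $mode in
        -rw-------*) ;;   # 600; a trailing ACL marker is tolerated
        *) echo "mode $mode, expected -rw-------"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "ok: $path"; fi
    return "$rc"
}

# Stand-alone use: sh check_ccache.sh FILE:/tmp/krb5cc_p3866 [uid]
if [ "$#" -ge 1 ]; then
    check_ccache "$1" "${2:-$(id -u)}"
fi
```

Run as the affected user (or as root with that user's uid as the second argument) right after login; a "not chown'ed" result matches the 600 root:wheel symptom in the message.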