Bug 142110
| Summary: | kadmin can't open /var/log/kadmind.log | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | John Haxby <jch> |
| Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED WONTFIX | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.0 | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i386 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-20 16:04:53 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I expect that kadmin is attempting to log to the destination specified in /etc/krb5.conf's [logging] section. Both the kadmin client and server consult the same location for this configuration setting, so it's probably better that it not be a location that's writable by unprivileged users by default, if it's going to be something that we set by default. This is more of a configuration question than anything. Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life. Please See https://access.redhat.com/support/policy/updates/errata/ If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041020 Firefox/0.10.1 Description of problem: When I start kadmin as a non-root user I'm informed that I can't open the log file due to lack of permission: $ /usr/kerberos/sbin/kadmin Couldn't open log file /var/log/kadmind.log: Permission denied Couldn't open log file /var/log/kadmind.log: Permission denied Authenticating as principal jch/admin.COM with password. Password for jch/admin.COM: This presumably a security issue since the log is probably there for a good reason! Version-Release number of selected component (if applicable): krb5-workstation-1.3.4-7.i386 How reproducible: Always Steps to Reproduce: 1. As a non-root user, /usr/kerberos/sbin/kadmin Actual Results: Error message as above. Expected Results: No error message and stuff logged to the log file. Additional info: Even if the log file could be opened, why are we logging to a file called kadmind.log instead of kadmin.log?