Bug 146198
Summary: | leaves files in /tmp from expried kerberos tickets | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | John Dennis <jdennis> |
Component: | dovecot | Assignee: | John Dennis <jdennis> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | jval, notting, tss, wtogami |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-07-22 15:56:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 171119 |
Description
John Dennis
2005-01-25 22:15:19 UTC
Notting believes the fix in uw imap was calling pam_setcred (hdl,PAM_DELETE_CRED) after the pam auth succeeded. I'll investigate and see if this is in our latest version. We did just do an update to 0.99.13, not sure what's running on devserv Bill: I build a new version of dovecot that hopefully fixes the kerberos ticket problem. Its checked into "devel" and here is a binary I built on my own FC3 box, I don't want to build in rawhide yet. Do you want to test it? ftp://people.redhat.com/jdennis/dovecot-0.99.13-4.devel.i386.rpm I did some minimal testing with pam and it seems to work fine, but pam on my test system is not using kerberos so its not a sufficient test. After having a discussion with Nalin it was suggested that dovecot not call PAM_ESTABLISH_CRED in the first place, he thought this was a better fix than trying to locate all the places to call PAM_DELETE_CRED. The reasoning is fully explained in dovecot-pam-setcred.patch, in essence there is no need to create the on disk copy of the ticket with PAM_ESTABLISH_CRED if the session is not held open and pam_end is immediately called after validating the login, which is what dovecot does. Currently testing on the server here (had to do a local build). Seems to solve the issue. Was the new build ok? If yes, please release it because I'm having this problem here... The FC4 dovecot rpm has the fix. And apparently FC3 updates-testing too. Just upgraded dovecot to it. Seems to work ok. Problem solved. |