Red Hat Bugzilla – Full Text Bug Listing
|Summary:||RFE: distinguish between ccaches created by session and cred mgmt functions|
|Product:||[Fedora] Fedora||Reporter:||Nalin Dahyabhai <nalin>|
|Component:||pam_krb5||Assignee:||Nalin Dahyabhai <nalin>|
|Status:||CLOSED RAWHIDE||QA Contact:||Brian Brock <bbrock>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2007-11-09 14:44:59 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Nalin Dahyabhai 2006-09-01 10:45:53 EDT
Description of problem: Some applications use both session management and credential management PAM APIs (which is normal), but propagate the PAM environment to the real environment in between calling pam_open_session() and pam_setcred(). This sets the environment variables to values which are invalidated when the second function (whichever one that is) is called. Version-Release number of selected component (if applicable): 2.2.9 and earlier How reproducible: Always Steps to Reproduce: 1. Install RHEL4 box with coreutils no newer than 5.2.1-31.4. 2. Configure 'su' so that it no longer trusts root. 3. Attempt to 'su' to an unprivileged user who is authenticated using Kerberos. Actual results: You get a ccache, but KRB5CCNAME points elsewhere. The debug log shows $KRB5CCNAME being created, destroyed, and then another ccache being created. Expected results: Something less confusing/annoying/infuriating. Additional info: See bug #150056 for the RHEL 4 instance where this bites 'su'.
Comment 1 Nalin Dahyabhai 2007-11-09 14:44:59 EST
This should have been fixed in 2.2.13, but I forgot to close this when the package hit Raw Hide. Closing now.