Bug 1030002 - ksu with root as target does not work with keyring credential cache
Summary: ksu with root as target does not work with keyring credential cache
Status: CLOSED DUPLICATE of bug 1015559
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: krb5
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Nalin Dahyabhai
QA Contact: BaseOS QE Security Team
Reported: 2013-11-13 16:44 UTC by Patrik Kis
Modified: 2013-11-13 22:49 UTC (History)

Fixed In Version: krb5-1.11.3-33.el7
Doc Type: Bug Fix
Last Closed: 2013-11-13 22:49:12 UTC

Description Patrik Kis 2013-11-13 16:44:06 UTC
Description of problem:
ksu when the target is root is not working with cache type keyring

Version-Release number of selected component (if applicable):
krb5-1.11.3-31.el7

How reproducible:
always

Steps to Reproduce:

# echo Ariel > /root/.k5login
# echo Ariel > /home/Ariel/.k5login
#
# su - ktest
Last login: Wed Nov 13 09:31:01 EST 2013 on pts/0
$ 
$ kinit Ariel
Password for Ariel: 
$ klist 
Ticket cache: KEYRING:persistent:1006:1006
Default principal: Ariel

Valid starting       Expires              Service principal
11/13/2013 09:39:36  11/14/2013 09:39:36  krbtgt/ZMRAZ.COM
	renew until 11/13/2013 09:39:36
$
$ ksu Ariel -e /bin/id
Authenticated Ariel
Account Ariel: authorization for Ariel for execution of
               /bin/id successful
Changing uid to Ariel (1005)
uid=1005(Ariel) gid=1005(Ariel) groups=1005(Ariel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$
$ ksu -e /bin/id
account root: authorization failed
$

but

$ KRB5CCNAME=FILE:/tmp/krb5cc kinit Ariel
Password for Ariel: 
$ KRB5CCNAME=FILE:/tmp/krb5cc klist
Ticket cache: FILE:/tmp/krb5cc
Default principal: Ariel

Valid starting       Expires              Service principal
11/13/2013 11:34:58  11/14/2013 11:34:58  krbtgt/ZMRAZ.COM
	renew until 11/13/2013 11:34:58
$ KRB5CCNAME=FILE:/tmp/krb5cc  ksu -e /bin/id
Authenticated Ariel
Account root: authorization for Ariel for execution of
               /bin/id successful
Changing uid to root (0)
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Comment 2 Nalin Dahyabhai 2013-11-13 22:49:12 UTC

*** This bug has been marked as a duplicate of bug 1015559 ***

