Bug 146198 - leaves files in /tmp from expried kerberos tickets
leaves files in /tmp from expried kerberos tickets
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: dovecot (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: John Dennis
:
Depends On:
Blocks: 171119
  Show dependency treegraph
 
Reported: 2005-01-25 17:15 EST by John Dennis
Modified: 2014-01-21 17:51 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-22 11:56:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description John Dennis 2005-01-25 17:15:19 EST
Dovecot is littering /tmp with files from expired kerberous tickets.
It fails to properly close out the kerberos session, or at least thats
the theory. We had the same problem with UW imap and applied a fix for
that, we probably need to pull in a similar patch for dovecot.
Comment 1 John Dennis 2005-01-25 17:19:41 EST
Notting believes the fix in uw imap was calling pam_setcred
(hdl,PAM_DELETE_CRED) after the pam auth succeeded. I'll investigate
and see if this is in our latest version. We did just do an update to
0.99.13, not sure what's running on devserv
Comment 2 John Dennis 2005-02-02 17:16:36 EST
Bill: I build a new version of dovecot that hopefully fixes the
kerberos ticket problem. Its checked into "devel" and here is a binary
I built on my own FC3 box, I don't want to build in rawhide yet. Do
you want to test it? 

ftp://people.redhat.com/jdennis/dovecot-0.99.13-4.devel.i386.rpm

I did some minimal testing with pam and it seems to work fine, but pam
on my test system is not using kerberos so its not a sufficient test.

After having a discussion with Nalin it was suggested that dovecot not
call PAM_ESTABLISH_CRED in the first place, he thought this was a
better fix than trying to locate all the places to call
PAM_DELETE_CRED. The reasoning is fully explained in
dovecot-pam-setcred.patch, in essence there is no need to create the
on disk copy of the ticket with PAM_ESTABLISH_CRED if the session is
not held open and pam_end is immediately called after validating the
login, which is what dovecot does.
Comment 3 Bill Nottingham 2005-02-02 17:37:43 EST
Currently testing on the server here (had to do a local build). Seems
to solve the issue.
Comment 6 Jarkko 2005-11-01 17:09:25 EST
Was the new build ok? If yes, please release it because I'm having this problem
here...
Comment 7 John Dennis 2005-11-01 17:25:50 EST
The FC4 dovecot rpm has the fix.
Comment 8 Jarkko 2005-11-01 17:41:22 EST
And apparently FC3 updates-testing too. Just upgraded dovecot to it. Seems to
work ok. Problem solved.

Note You need to log in before you can comment on or make changes to this bug.