Bug 246619 - sshd needs to store forwarded gssapi creds before opening the pam session
Summary: sshd needs to store forwarded gssapi creds before opening the pam session
Keywords:
Status: CLOSED DUPLICATE of bug 216689
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssh
Version: 4.5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks: 201265
TreeView+ depends on / blocked
 
Reported: 2007-07-03 13:47 UTC by Nalin Dahyabhai
Modified: 2007-11-17 01:14 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-07-10 21:42:14 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Nalin Dahyabhai 2007-07-03 13:47:46 UTC 
This is more or less the same as bug #201341, and was originally upstream #918
(https://bugzilla.mindrot.org/show_bug.cgi?id=918).  Basically sshd doesn't
store forwarded GSSAPI credentials to disk before opening the PAM session for
the user, so modules don't have access to the credentials even when they may
have use for them.
Comment 2 Tomas Mraz 2007-07-10 21:42:14 UTC 
Actually the patch I have to fix bug 216689 will solve this one as well.


*** This bug has been marked as a duplicate of 216689 ***
Comment 3 Nalin Dahyabhai 2007-07-11 13:31:34 UTC 
You're right, it looks like it will.  Thanks!
Comment 4 Tomas Mraz 2007-07-23 11:10:45 UTC 
Nalin, could you please test the latest openssh in dist-4E-qu-candidate whether
it fixes the problem?
Comment 5 Nalin Dahyabhai 2007-07-23 21:24:46 UTC 
Seems to work properly in combination with the corresponding
dist-4E-qu-candidate pam_krb5 2.1.15-1 and later.  Thanks!
Comment 6 Dave Botsch 2007-09-14 04:42:40 UTC 
Hi. What's the status and expected release of a fix for RHEL4 on this? The bug
this is marked as a duplicate of (bug 216689) is restricted, so the rest of the
community has no idea what's going on.

thanks!
Comment 7 Nalin Dahyabhai 2007-09-14 15:30:49 UTC 
This should be fixed (well, #216689 is called out as fixed in the changelog) in
the openssh packages in the beta channel.
Note You need to log in before you can comment on or make changes to this bug.