Subject: Re: xdm, PAM and krb5 broken
To: None <firstname.lastname@example.org>
From: Jukka Salmi <email@example.com>
Date: 10/19/2006 11:14:04
Christian Biere --> current-users (2006-10-19 03:32:51 +0200):
> Jukka Salmi wrote:
> > on a -current Kerberos V system login(1) works fine while xdm(1) doesn't
> > (both are using pam(8), default /etc/pam.d files). After successfully
> > logging in, xdm seems to remove the credentials cache file:
> > [...]
> > 3508 1 xdm CALL __lstat30(0x806cca0,0xbfbfe094)
> > 3508 1 xdm NAMI "/tmp/krb5cc_1000"
> Might be off-topic but I find it odd that this thing creates a file in the
> world-writable directory /tmp with a non-random filename that contains the
> user ID.
The file is created with mode 0600 and is owned by the user whose uid
is contained in the file name.
$ ((RANDOM%6)) || rm -rf ~