Subject: xdm, PAM and krb5 broken
To: None <current-users@netbsd.org>
From: Jukka Salmi <j+nbsd@2006.salmi.ch>
List: current-users
Date: 10/18/2006 22:29:45
Hi,
on a -current Kerberos V system login(1) works fine while xdm(1) doesn't
(both are using pam(8), default /etc/pam.d files). After successfully
logging in, xdm seems to remove the credentials cache file:
[...]
3508 1 xdm CALL __lstat30(0x806cca0,0xbfbfe094)
3508 1 xdm NAMI "/tmp/krb5cc_1000"
3508 1 xdm RET __lstat30 0
3508 1 xdm CALL open(0x806cca0,2,0xbfbfdfb8)
3508 1 xdm NAMI "/tmp/krb5cc_1000"
3508 1 xdm RET open 3
3508 1 xdm CALL unlink(0x806cca0)
3508 1 xdm NAMI "/tmp/krb5cc_1000"
3508 1 xdm RET unlink 0
3508 1 xdm CALL __fstat30(3,0xbfbfe030)
3508 1 xdm RET __fstat30 0
3508 1 xdm CALL lseek(3,0,0,0,2)
3508 1 xdm RET lseek 885/0x375
3508 1 xdm CALL lseek(3,0,0,0,0)
3508 1 xdm RET lseek 0
3508 1 xdm CALL write(3,0xbfbfdfb0,0x80)
3508 1 xdm GIO fd 3 wrote 128 bytes
[...]
3508 1 xdm RET write 128/0x80
3508 1 xdm CALL write(3,0xbfbfdfb0,0x80)
3508 1 xdm GIO fd 3 wrote 128 bytes
[...]
3508 1 xdm RET write 128/0x80
3508 1 xdm CALL write(3,0xbfbfdfb0,0x75)
3508 1 xdm GIO fd 3 wrote 117 bytes
[...]
3508 1 xdm RET write 117/0x75
3508 1 xdm CALL fsync(3)
3508 1 xdm RET fsync 0
3508 1 xdm CALL close(3)
3508 1 xdm RET close 0
[...]
Hmm, xdm opens the cache file, unlinks it and then writes to it?

Another thing I noticed:
[...]
3508 1 xdm CALL chown(0x8069805,0x3e8,0x3e8)
3508 1 xdm NAMI "/tmp/krb5cc_1000"
3508 1 xdm RET chown -1 errno 1 Operation not permitted
[...]
(0x3e8 being the uid of the user logging in)

login(1) seems to chown the file, too, but succeeds in doing so.

Is anybody else seeing this? Or is anybody successfully using xdm,
ending up with a usable credentials cache file?
TIA, Jukka
--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
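
Added example, not part of the original message: a small Python pass over kdump-style output that flags the two things observed in the trace above, writes to a descriptor whose path was already unlinked and failed syscalls that took a path. It assumes the `pid lwp command CALL|NAMI|RET ...` line layout seen in the quoted trace; the function name `analyze` and the condensed sample are constructed for illustration.

```python
import re
# Constructed sample: a condensed subset of the kdump lines quoted in the message.
SAMPLE = """\
3508 1 xdm CALL open(0x806cca0,2,0xbfbfdfb8)
3508 1 xdm NAMI "/tmp/krb5cc_1000"
3508 1 xdm RET open 3
3508 1 xdm CALL unlink(0x806cca0)
3508 1 xdm NAMI "/tmp/krb5cc_1000"
3508 1 xdm RET unlink 0
3508 1 xdm CALL write(3,0xbfbfdfb0,0x80)
3508 1 xdm RET write 128/0x80
3508 1 xdm CALL chown(0x8069805,0x3e8,0x3e8)
3508 1 xdm NAMI "/tmp/krb5cc_1000"
3508 1 xdm RET chown -1 errno 1 Operation not permitted
"""

LINE = re.compile(r'^\s*(\d+)\s+(\d+)\s+\S+\s+(CALL|NAMI|RET)\s+(.*)$')

def analyze(text):
    """Flag writes to already-unlinked files and failed syscalls that took a path."""
    findings, pending, fds = [], {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # "[...]" elisions and GIO lines carry nothing we track
        pid, lwp, kind, rest = m.groups()
        key = (pid, lwp)  # one syscall in flight per thread
        if kind == "CALL":
            name, _, args = rest.partition("(")
            pending[key] = [name, args.rstrip(")").split(","), None]
        elif kind == "NAMI" and key in pending:
            pending[key][2] = rest.strip('"')  # path resolved for this call
        elif kind == "RET" and key in pending:
            name, args, path = pending.pop(key)
            ret = rest.split()
            if "errno" in ret:
                if path:
                    findings.append(("failed", pid, path, " ".join(ret)))
            elif name == "open":
                fds[(pid, ret[1])] = [path, False]  # [path, unlinked since open?]
            elif name == "unlink":
                for (p, _fd), entry in fds.items():
                    if p == pid and entry[0] == path:
                        entry[1] = True
            elif name == "close":
                fds.pop((pid, args[0]), None)
            elif name == "write" and fds.get((pid, args[0]), [None, False])[1]:
                findings.append(("write-after-unlink", pid, fds[(pid, args[0])][0], ret[1]))
    return findings
```

Feeding it the full `kdump` text of a login attempt gives one tuple per suspicious event, which makes it easy to compare an xdm session against a login(1) session.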