Subject: bin/12825: su doesn't reset KRB5CCNAME nor KRBTKFILE when not using kerberos
To: None <gnats-bugs@gnats.netbsd.org>
From: None <lha@stacken.kth.se>
List: netbsd-bugs
Date: 05/04/2001 04:37:29
>Number: 12825
>Category: bin
>Synopsis: su doesn't reset KRB5CCNAME nor KRBTKFILE
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu May 03 19:38:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Love
>Release: 1.5U
>Organization:
Stacken Computer Club
>Environment:
System: NetBSD nutcracker.dynarc.se 1.5U NetBSD 1.5U (NUTCRACKER) #3: Mon Apr 9 16:12:48 CEST 2001 lha@nutcracker.dynarc.se:/usr/src/sys/arch/i386/compile/NUTCRACKER i386
Architecture: i386
Machine: i386
>Description:
su doesn't reset KRB5CCNAME nor KRBTKFILE when not using kerberos
This makes you overwrite your creds too easily.
>How-To-Repeat:
: lha@nutcracker ; klist | head -2
Credentials cache: FILE:/tmp/krb5cc_913.ttyE0
Principal: lha@E.KTH.SE
: lha@nutcracker ; PATH=/usr/bin:$PATH
: lha@nutcracker ; klist | head -2
Credentials cache: FILE:/tmp/krb5cc_913.ttyE0
Principal: lha@E.KTH.SE
: lha@nutcracker ; su -K
Password:
nutcracker# klist | head -2
klist: No ticket file (tf_util)
Credentials cache: FILE:/tmp/krb5cc_913.ttyE0
Principal: lha@E.KTH.SE
>Fix:
Setting KRB5CCNAME and KRBTKFILE is not done in the main
code path but in the kerberos() and kerberos5() functions.
I think part of the trick is to break out the setting of these env
variables so that it is always done.
>Release-Note:
>Audit-Trail:
>Unformatted:
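
One way to do what the Fix section suggests, as an added example that is not su's code and not part of the original report: a hypothetical helper `reset_krb_env()`, called on the main code path, that replaces or removes both variables whether or not Kerberos was used. Unsetting the variables in the non-Kerberos case and the ticket-file path in `main()` are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Variables naming the Kerberos 5 and Kerberos 4 credential caches. */
static const char *const krb_cache_vars[2] = { "KRB5CCNAME", "KRBTKFILE" };

/*
 * Hypothetical helper, not taken from su.c. Meant to run on the main code
 * path after authentication, whichever method succeeded. Each argument is
 * the cache created for the target user, or NULL when that Kerberos version
 * was not used. Assumption: with no new cache, the variable is unset.
 * Returns how many inherited values were removed or replaced, -1 on error.
 */
int reset_krb_env(const char *new_krb5cc, const char *new_krbtk)
{
    const char *fresh[2] = { new_krb5cc, new_krbtk };
    int changed = 0;

    for (size_t i = 0; i < 2; i++) {
        const char *old = getenv(krb_cache_vars[i]);
        int rc;

        /* Count before modifying: setenv/unsetenv may invalidate 'old'. */
        if (old != NULL && (fresh[i] == NULL || strcmp(old, fresh[i]) != 0))
            changed++;
        if (fresh[i] != NULL)
            rc = setenv(krb_cache_vars[i], fresh[i], 1);
        else
            rc = unsetenv(krb_cache_vars[i]);
        if (rc != 0)
            return -1;
    }
    return changed;
}

int main(void)
{
    /* Constructed environment: cache path from the report, made-up ticket file. */
    setenv("KRB5CCNAME", "FILE:/tmp/krb5cc_913.ttyE0", 1);
    setenv("KRBTKFILE", "/tmp/tkt_constructed", 1);

    /* The "su -K" case: no Kerberos, so nothing replaces the caller's caches. */
    int n = reset_krb_env(NULL, NULL);
    const char *cc = getenv("KRB5CCNAME");
    printf("changed=%d KRB5CCNAME=%s\n", n, cc ? cc : "(unset)");
    return n == 2 ? 0 : 1;
}
```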