bugzilla-daemon at mindrot.org
2003-Oct-30 20:22 UTC
[Bug 751] KRB5CCNAME set incorrectly in GSSAPI code
http://bugzilla.mindrot.org/show_bug.cgi?id=751
Summary: KRB5CCNAME set incorrectly in GSSAPI code
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: Kerberos support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: smichaud at pobox.com
This is something we missed when going over the GSSAPI code this August.
The code in ssh_gssapi_krb5_storecreds() in gss-serv-krb5.c doesn't set the
KRB5CCNAME environment variable correctly. At present it includes only the
cache's "name". But it should actually include both it's
"type" and it's
"name", separated by a colon ':' -- e.g.
"FILE:/tmp/krb5cc_100_Ao7629". (Simon
Wilkinson's patches to 3.6.1p2 and previous versions did this correctly.)
I'll add a patch to fix the problem. I made the code general enough to work
with other cache "types" -- e.g. API or MEMORY.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Oct-30 20:24 UTC
[Bug 751] KRB5CCNAME set incorrectly in GSSAPI code
http://bugzilla.mindrot.org/show_bug.cgi?id=751 ------- Additional Comments From smichaud at pobox.com 2003-10-31 07:24 ------- Created an attachment (id=490) --> (http://bugzilla.mindrot.org/attachment.cgi?id=490&action=view) Fix to set KRB5CCNAME correctly in GSSAPI code ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Oct-30 20:37 UTC
[Bug 751] KRB5CCNAME set incorrectly in GSSAPI code
http://bugzilla.mindrot.org/show_bug.cgi?id=751
smichaud at pobox.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #490 is|0 |1
obsolete| |
------- Additional Comments From smichaud at pobox.com 2003-10-31 07:36 -------
Created an attachment (id=491)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=491&action=view)
Another patch to set KRB5CCNAME correctly in GSSAPI code
Oops, my first fix wasn't general enough. Here's a better one.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-02 01:37 UTC
[Bug 751] KRB5CCNAME set incorrectly in GSSAPI code
http://bugzilla.mindrot.org/show_bug.cgi?id=751 ------- Additional Comments From simon at sxw.org.uk 2003-11-02 12:37 ------- I think this patch is probably over complex. In both the Heimdal and MIT cases we constrain ourselves to FILE: credential caches (the call to the Heimdal variant with &krb5_fcc_ops, and the 'FILE:' prefix to the MIT code). Under Unix, MIT Kerberos defaults to using 'FILE' when no credential cache type is given and Heimdal always defaults to using 'FILE'. For correctness, we should probably prefix the cache with 'FILE'. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.