Hello all, I'm not able to get Kerberos5 authenticarion work together with PrivSep. According to strace, it seems that the kerberos authentication stage is performed by the user process in chrooted enviroment. The problem is that Kerberos authentication must be done by root. Is anybody working on a fix? (or am I missing something in configuration?) Thanks for any advice. -- Dan
On Wed, 26 Jun 2002, Daniel Kouril wrote:> I'm not able to get Kerberos5 authenticarion work together with PrivSep. > According to strace, it seems that the kerberos authentication stage is > performed by the user process in chrooted enviroment. The problem is that > Kerberos authentication must be done by root. Is anybody working on a fix? > (or am I missing something in configuration?)No - I think that's correct. I'm working on getting my GSSAPI patches going with PrivSep - I think I'm nearly there. I haven't looked in depth at the protocol 1 krb5 stuff. Cheers, Simon.
On Thu, Jun 27, 2002 at 12:24:13AM +0200, Dag-Erling Smorgrav wrote:> Hans Insulander <hin at stacken.kth.se> writes: > > What needs to be done, afaik, is to receive the kerberos auth data in the > > unprivileged client process, marshal it and send over to the monitor process. > > The monitor should validate the information and say "ok" or "not ok" back to > > the client. I have very little clues as how to do that. > > I can work on this tomorrow provided someone can help me with the > Kerberos aspect of things.I could spend some time on solving the problem now. Are you (or anyone else) working on that so that I could join? -- Dan