
Re: Bad interaction between krb5_context and krb5_ccache



On Wed, Nov 15, 2000 at 04:57:06PM +0100, Johan Danielsson wrote:
> Joel Kociolek <joko@logidee.com> writes:
> 
> > In lib/krb5/cache.c, the function allocate_ccache only copies the
> > ops pointer into the new ccache. Unfortunately, when the context is
> > destroyed, ops->prefix is freed and the ccache becomes invalid,
> > which can cause a subsequent use of it to segfault.
> 
> I think this is an error. You shouldn't use a cache if the context has
> been destroyed.

Sort of. The MIT Kerberos apps (e.g., telnetd) create a ccache as root
with a name based on the PID, then login.krb5 picks up the ccache, does
whatever additional authentication/authorization checks and initializes
a new ccache as the actual user (or is it that it chowns the first
ccache? I forget -- I should check before posting this, but I'm a bit
lazy).

So the idea may be that pam_krb5 may be being invoked by /bin/login
having been started from a telnetd that authenticated the incoming
connection with Kerberos and stored forwarded credentials in a temporary
ccache for the benefit of /bin/login+pam_krb5. And so pam_krb5 shouldn't
prompt for a password, but instead should validate the TGT in the temp
ccache and go from there.

> /Johan


Nico
--
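The lifetime problem Joel describes (the ccache keeps only a pointer to the context's ops table, so freeing the context leaves ops->prefix dangling) is easy to model. The following is an added illustration, not code from Heimdal's lib/krb5/cache.c: the struct names (model_context, model_ccache, cc_ops), the allocate_ccache_shallow/allocate_ccache_deep split and the teardown helper are all assumptions made for this toy, chosen only to mirror the thread's vocabulary. It shows the two defensive options: tear down in the right order (close caches before freeing the context, which is Johan's position), or give the cache its own copy of the prefix so it no longer depends on the context's allocation.

```c
#include <stdlib.h>
#include <string.h>

/* Portable strdup replacement so the toy builds with plain -std=c99. */
static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* Cache type description; in the thread, ops->prefix is owned by the
 * context and freed with it. (Toy model, assumed names.) */
struct cc_ops {
    char *prefix;
};

/* Toy stand-in for krb5_context: owns the ops table. */
struct model_context {
    struct cc_ops *ops;
};

/* Toy stand-in for krb5_ccache. */
struct model_ccache {
    const struct cc_ops *ops;   /* shallow alias into the context */
    char *own_prefix;           /* deep copy owned by the cache, or NULL */
};

struct model_context *ctx_init(const char *prefix)
{
    struct model_context *c = calloc(1, sizeof *c);
    if (c == NULL) return NULL;
    c->ops = calloc(1, sizeof *c->ops);
    if (c->ops == NULL) { free(c); return NULL; }
    c->ops->prefix = dup_str(prefix);
    if (c->ops->prefix == NULL) { free(c->ops); free(c); return NULL; }
    return c;
}

void ctx_free(struct model_context *c)
{
    if (c == NULL) return;
    free(c->ops->prefix);   /* from here on, any alias to prefix dangles */
    free(c->ops);
    free(c);
}

/* Shallow: copies only the ops pointer, the behaviour the thread describes. */
struct model_ccache *allocate_ccache_shallow(const struct model_context *c)
{
    struct model_ccache *cc = calloc(1, sizeof *cc);
    if (cc == NULL) return NULL;
    cc->ops = c->ops;
    return cc;
}

/* Deep: also duplicates the prefix, so the cache does not depend on the
 * context's allocation for it. */
struct model_ccache *allocate_ccache_deep(const struct model_context *c)
{
    struct model_ccache *cc = allocate_ccache_shallow(c);
    if (cc == NULL) return NULL;
    cc->own_prefix = dup_str(c->ops->prefix);
    if (cc->own_prefix == NULL) { free(cc); return NULL; }
    return cc;
}

void ccache_close(struct model_ccache *cc)
{
    if (cc == NULL) return;
    free(cc->own_prefix);
    free(cc);
}

/* Safe teardown order: close every cache first, then free the context. */
void teardown_in_order(struct model_ccache *cc, struct model_context *c)
{
    ccache_close(cc);
    ctx_free(c);
}

/* Returns 1 when the cache still points into the context's memory. */
int ccache_aliases_context(const struct model_ccache *cc, const struct model_context *c)
{
    return cc != NULL && c != NULL && cc->ops == c->ops;
}

/* Demo: with a deep copy the prefix is still readable after the context is gone. */
int deep_prefix_survives_context_free(void)
{
    struct model_context *c = ctx_init("FILE");
    struct model_ccache *cc = c ? allocate_ccache_deep(c) : NULL;
    int ok;
    if (cc == NULL) { ctx_free(c); return 0; }
    ctx_free(c);                                /* cc->ops now dangles; never read it */
    ok = strcmp(cc->own_prefix, "FILE") == 0;   /* the cache's own copy is intact */
    ccache_close(cc);
    return ok;
}

/* Demo: a shallow cache aliases the context, so it must be closed before ctx_free. */
int shallow_ccache_aliases(void)
{
    struct model_context *c = ctx_init("FILE");
    struct model_ccache *cc = c ? allocate_ccache_shallow(c) : NULL;
    int aliased = ccache_aliases_context(cc, c);
    teardown_in_order(cc, c);
    return aliased;
}
```

The shallow variant is not wrong on its own; it only becomes a use-after-free when the caller destroys the context while caches are still open, which is the ordering the thread is really arguing about. Building the model with AddressSanitizer and deliberately reading `cc->ops->prefix` after `ctx_free` in the shallow case is the quickest way to see the report that corresponds to the segfault Joel mentions.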