Re: API differences between Heimdal and MIT

On Fri, Feb 03, 2006 at 01:19:29PM +0200, Juha Jäykkä wrote:

> Back to the matter of .k5login. I do not have an unreadable .k5login. It's
> not even empty. It just happens to reside on a filesystem, where root is
> not allowed to access it.

Then I'd suggest that the bug is in the PAM module: it should drop root
privileges before calling krb5_userok(), and regain the privileges
afterward. Maybe it should be documented in the krb5_userok() man page
that it requires filesystem access and therefore it should be called
with the privileges of the intended user. I think the current Heimdal
behavior is desirable; if .k5login is unreadable for _any_ reason then
there is a problem somewhere and the system should fail to the safe side
by blocking such a user.
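
Added example, not part of the original message and not code from Heimdal, MIT Kerberos or any PAM module: a sketch of the drop-and-regain pattern suggested above, denying access if the switch to the user's identity fails. The names check_as_user, authz_check_fn and can_read_file are hypothetical, and can_read_file is a constructed stand-in for the .k5login read that krb5_userok() performs.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical callback: 1 = allow, anything else = deny. A PAM module would
 * pass a thin wrapper around krb5_userok() here. */
typedef int (*authz_check_fn)(void *arg);

/* Constructed stand-in for the .k5login read done inside krb5_userok(). */
int can_read_file(void *arg)
{
    FILE *f = fopen((const char *)arg, "r");
    if (f == NULL) return 0;
    fclose(f);
    return 1;
}

/* Run check() with pw's effective identity, then regain the caller's.
 * Failure to switch denies; failure to switch back aborts the process. */
int check_as_user(const struct passwd *pw, authz_check_fn check, void *arg)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid();
    if (old_uid == pw->pw_uid) return check(arg) == 1;  /* nothing to drop */
    int allowed = 0, n = getgroups(0, NULL);
    gid_t *old_groups = n < 0 ? NULL : calloc((size_t)n + 1, sizeof(gid_t));
    if (old_groups == NULL || getgroups(n, old_groups) < 0) { free(old_groups); return 0; }
    /* Groups and gid first: once euid is non-root these calls would fail. */
    int groups_set = initgroups(pw->pw_name, pw->pw_gid) == 0;
    if (groups_set && setegid(pw->pw_gid) == 0 && seteuid(pw->pw_uid) == 0)
        allowed = (check(arg) == 1);
    /* Regain in reverse order: uid first so the group calls are permitted. */
    if (seteuid(old_uid) != 0 || setegid(old_gid) != 0 ||
        (groups_set && setgroups((size_t)n, old_groups) != 0))
        abort();
    free(old_groups);
    return allowed;
}

int main(void)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL) return 2;
    /* "/etc/passwd" is a constructed sample path, not a real .k5login. */
    puts(check_as_user(pw, can_read_file, "/etc/passwd") ? "allow" : "deny");
    return 0;
}
```

With glibc, seteuid() and setegid() change the credentials of every thread in the process, so a multithreaded caller needs to account for that while the check runs.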


