Date:      Mon, 14 Nov 2005 13:30:53 +0100
From:      Stijn Hoop <stijn@win.tue.nl>
To:        Harti Brandt <harti@freebsd.org>
Cc:        hackers@freebsd.org
Subject:   Re: telnetd/sshd and Kerberos tickets (PAM)
Message-ID:  <20051114123052.GG69544@pcwin002.win.tue.nl>
In-Reply-To: <20051021170843.A6955@beagle.kn.op.dlr.de>
References:  <20051021160017.D4007@beagle.kn.op.dlr.de> <20051021141752.GQ6916@pcwin002.win.tue.nl> <20051021170843.A6955@beagle.kn.op.dlr.de>

On Fri, Oct 21, 2005 at 05:10:39PM +0200, Harti Brandt wrote:
> On Fri, 21 Oct 2005, Stijn Hoop wrote:
> SH>On Fri, Oct 21, 2005 at 04:08:14PM +0200, Harti Brandt wrote:
> SH>> I have enabled the pam_krb5 module in pam.d/{login,telnetd,sshd}. When
> SH>> logging in locally I get a Kerberos ticket as I would expect. When logging
> SH>> in via ssh or telnet I don't get one. I have dug around in the sources
> SH>> and it looks like telnetd never calls pam_setcred() which would do this
> SH>> work. My PAM-foo is rather limited so my question is: shouldn't sshd and
> SH>> telnetd call pam_setcred() somewhere?
> SH>
> SH>WRT sshd I bugged des@ about this but did not receive an answer :( See
> SH>the attached mail.
>
> Hmm. I dug around a little bit and found something:
>
> http://bugzilla.mindrot.org/show_bug.cgi?id=789
>
> From a first glance it seems that this bug was introduced by fixing
> another bug.

I see. If I understand correctly, disabling privsep will fix it?

Still, I would really like to get an answer to my PAM question:

"Is it allowed for an application to only call pam_setcred with the
PAM_REINITIALIZE_FLAG, while never having called it with PAM_ESTABLISH_CRED?"

Did you find out yet?

--Stijn

-- 
"An adult is a child who has more ethics and morals, that's all."
		-- Shigeru Miyamoto
