Date: Wed, 13 Mar 2002 12:34:02 -0800 (PST) From: Juha-Matti Tilli <juha-matti.tilli@pp.inet.fi> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/35865: pam_krb5 crashes in pam_sm_setcred() Message-ID: <200203132034.g2DKY2N15690@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 35865 >Category: misc >Synopsis: pam_krb5 crashes in pam_sm_setcred() >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Mar 13 12:40:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Juha-Matti Tilli >Release: FreeBSD 4.5-RELEASE i386 >Organization: >Environment: FreeBSD tykki 4.5-RELEASE FreeBSD 4.5-RELEASE #16: Fri Mar 1 19:04:50 EET 2002 juhis@tykki:/usr/obj/usr/src/sys/TYKKI i386 >Description: pam_krb5 contains a bug in pam_sm_setcred() which causes login to die on signal 10. I put many DLOG:s to function pam_sm_setcred() and noticed that the bug is in following code: while ((krbret = krb5_cc_next_cred(pam_context, ccache_temp, &cursor, &creds) == 0)) { if ((krbret = krb5_cc_store_cred(pam_context, ccache_perm, &creds)) != 0) { DLOG("krb5_cc_store_cred()", error_message(krbret)); (void) krb5_cc_destroy(pam_context, ccache_perm); krb5_free_cred_contents(pam_context, &creds); pamret = PAM_SERVICE_ERR; goto cleanup2; } krb5_free_cred_contents(pam_context, &creds); } >How-To-Repeat: Put following lines in login.conf and try to login with kerberos username and password login auth requisite pam_cleartext_pass_ok.so login auth sufficient pam_krb5.so try_first_pass debug ccache=FILE:/tmp/krb5cc_%u login auth required pam_unix.so try_first_pass debug login session sufficient pam_krb5.so debug ccache=FILE:/tmp/krb5cc_%u login session required pam_unix.so debug #login password required pam_krb5.so #login account required pam_krb5.so >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203132034.g2DKY2N15690>