
List:       amanda-users
Subject:    Re: anybody USING the krb5 version?
From:       Jean-Louis Martineau <martineau () zmanda ! com>
Date:       2013-04-03 18:23:17
Message-ID: 515C7395.2020100 () zmanda ! com

Debra,

On 03/29/2013 04:07 PM, Debra S Baddorf wrote:
> Amanda Users:
> I've installed amanda v3.3.3  but am having trouble getting the  auth "krb5"
> version to work.    Is anybody actually  using it yet?
I'm not sure anyone uses it, and I haven't tested it in many years.

I'm looking at a patch by Dustin from 2009-09-09.
He changed
    if (getuid() == 0) {
to
    if (geteuid() == 0) {

Your fix is a good workaround, or you can try to change the previous test.

Jean-Louis
>
> When I run the  xinetd   as  user=root  it complains that
> amcheck wants to be  my dumpuser,  operator.   But it isn't happy running
> xinetd as operator either.
>
> I've manually moved the   seteuid(0)    paragraph  in amandad.c
>         /* krb5 require the euid to be 0 */
>          if (strcasecmp(auth, "krb5") == 0) {
>             seteuid((uid_t)0);
>          }
> so it's before the  "if krb5 then you need to be root"
> paragraph.   That got me a little further.  But now it complains that it isn't being
> UN-prived properly.
>
> Manually adding   setuid(11)  and  seteuid (11)    (the id for my dumpuser, operator)
> at the tail end of  common-src/krb5-security.c     fixed the whole thing
> AND AMCHECK  AND ALSO AMDUMP  WORK PERFECTLY.
>
> But that's cheating,  manually setting the UID downwards.   Is it in the code already,
> proved by the fact that somebody else has got it to work?   Or shall we continue
> to poke around to find the proper way to down-set the UID,   and then send it in?
>
> Deb Baddorf
> Fermilab
>
> PS googling for the error msgs I'm getting,  makes me think that no one has tried
> this in a few years,  and that they never resolved it either.
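
Added example, not part of either message and not Amanda's code: testing privilege with geteuid() rather than getuid(), then dropping permanently to the dump user with setuid() and verifying that root cannot be regained. The function names are hypothetical, and "operator" is the dump user named in the message above.

```c
/* Added example; function names are hypothetical, not Amanda's. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for setgroups()/seteuid() under strict -std= */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Privilege follows the EFFECTIVE uid: after seteuid(0), or in a set-uid
 * root binary, geteuid() is 0 while getuid() may still be the caller. */
int has_root_privilege(void)
{
    return geteuid() == 0;
}

/* Permanently become uid/gid. Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (!has_root_privilege())   /* nothing to drop: OK only if already there */
        return (getuid() == uid && geteuid() == uid &&
                getgid() == gid && getegid() == gid) ? 0 : -1;

    /* Order matters: groups and gid first, while we may still change them. */
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    /* With euid 0, setuid() sets real, effective AND saved uid, so a later
     * seteuid(0) cannot bring root back. seteuid() alone would not do that. */
    if (setuid(uid) != 0) return -1;
    /* Verify instead of trusting return codes: regaining root must fail. */
    if (uid != 0 && (seteuid(0) == 0 || setuid(0) == 0)) return -1;
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

/* Look the dump user up by name rather than hard-coding its numeric id. */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    return pw ? drop_privileges(pw->pw_uid, pw->pw_gid) : -1;
}

int main(void)
{
    /* "operator" is the dump user named in the message above. */
    int rc = drop_to_user("operator");
    printf("drop %s, euid=%d\n", rc == 0 ? "ok" : "failed", (int)geteuid());
    return rc == 0 ? 0 : 1;
}
```

Started as root, the program ends with euid set to the dump user's id; started as any other user it reports failure unless it is already running as that user.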
