[prev in list] [next in list] [prev in thread] [next in thread]
List: amanda-users
Subject: Re: anybody USING the krb5 version?
From: Jean-Louis Martineau <martineau () zmanda ! com>
Date: 2013-04-03 18:23:17
Message-ID: 515C7395.2020100 () zmanda ! com
[Download RAW message or body]
Debra,
On 03/29/2013 04:07 PM, Debra S Baddorf wrote:
> Amanda Users:
> I've installed amanda v3.3.3 but am having trouble getting the auth "krb5"
> version to work. Is anybody actually using it yet?
I'm not sure someone use it and I didn't tested it in many years.
I'm looking at a patch by Dustin from 2009-09-09
He changed
if (getuid() == 0) {
by
if (geteuid() == 0) {
Your fix is a good wokaround, or you can try to change the previous test.
Jean-Louis
>
> When I run the xinetd as user=root it complains that
> amcheck wants to be my dumpuser, operator. But it isn't happy running
> xinetd as operator either.
>
> I've manually moved the seteuid(0) paragraph in amandad.c
> /* krb5 require the euid to be 0 */
> if (strcasecmp(auth, "krb5") == 0) {
> seteuid((uid_t)0);
> }
> so it's before the "if krb5 then you need to be root"
> paragraph. That got me a little further. But now it complains that it isn't being
> UN-prived properly.
>
> Manually adding setuid(11) and seteuid (11) (the id for my dumpuser, operator)
> at the tail end of common-src/krb5-security.c fixed the whole thing
> AND AMCHECK AND ALSO AMDUMP WORK PERFECTLY.
>
> But that's cheating, manually setting the UID downwards. Is it in the code already,
> proved by the fact that somebody else has got it to work? Or shall we continue
> to poke around to find the proper way to down-set the UID, and then send it in?
>
> Deb Baddorf
> Fermilab
>
> PS googling for the error msgs I'm getting, makes me think that no one has tried
> this in a few years, and that they never resolved it either.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic