[prev in list] [next in list] [prev in thread] [next in thread]
List: sudo-users
Subject: Re: [sudo-users] (Probably) basic problem with sudo and kerberos tickets
From: Chris Causer <chy.causer () gmail ! com>
Date: 2009-09-16 8:27:03
Message-ID: 3f3109d40909160127i121280b1qd55de2288bf8c150 () mail ! gmail ! com
[Download RAW message or body]
The problem still exists but I can perhaps provide more information:
1) I was wrong: the ticket is only deleted if you have to enter your
password. If you use a timeout terminal (ie no password) then the ticket is
preserved.
2) If you move the ticket file to say /tmp/wibble and reset the environment
variable $KRB5CCNAME to /tmp/wibble, then the ticket is preserved no matter
how you sudo.
3) If you use a local account (ie one that uses passwd/shadow) then the
ticket is preserved. AFAIK this only happens to users who authenticate using
kerberos.
I would be so grateful if anyone could help me. I've been looking over the
source and I cannot for the life of me see where anything would delete the
ticket file in tmp when you authenticate but not when you use a cached sudo.
Cheers
Chris
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic