List:       sudo-users
Subject:    Re: [sudo-users] (Probably) basic problem with sudo and kerberos tickets
From:       Chris Causer <chy.causer () gmail ! com>
Date:       2009-09-16 8:27:03
Message-ID: 3f3109d40909160127i121280b1qd55de2288bf8c150 () mail ! gmail ! com

The problem still exists but I can perhaps provide more information:

1) I was wrong: the ticket is only deleted if you have to enter your
password. If you use a timeout terminal (i.e. no password) then the ticket is
preserved.

2) If you move the ticket file to, say, /tmp/wibble and reset the environment
variable $KRB5CCNAME to /tmp/wibble, then the ticket is preserved no matter
how you sudo.

3) If you use a local account (i.e. one that uses passwd/shadow) then the
ticket is preserved. AFAIK this only happens to users who authenticate using
Kerberos.

I would be so grateful if anyone could help me. I've been looking over the
source and I cannot for the life of me see where anything would delete the
ticket file in tmp when you authenticate but not when you use a cached sudo.

Cheers

Chris
