On 2013-03-30 00:07, Debra S Baddorf wrote:
> Amanda Users:
> I've installed amanda v3.3.3 but am having trouble getting the auth
"krb5"
> version to work. Is anybody actually using it yet?
I am actually still using krb5 - and would like to continue to do so.
> When I run the xinetd as user=root it complains that
> amcheck wants to be my dumpuser, operator. But it isn't happy running
> xinetd as operator either.
>
> I've manually moved the seteuid(0) paragraph in amandad.c
> /* krb5 require the euid to be 0 */
> if (strcasecmp(auth, "krb5") == 0) {
> seteuid((uid_t)0);
> }
> so it's before the "if krb5 then you need to be root"
> paragraph. That got me a little further. But now it complains that
it isn't being
> UN-prived properly.
I got this far as well, thanks to your instructions.
> Manually adding setuid(11) and seteuid (11) (the id for my
dumpuser, operator)
> at the tail end of common-src/krb5-security.c fixed the whole thing
> AND AMCHECK AND ALSO AMDUMP WORK PERFECTLY.
Would you like to share more exactly where you put it? I'm trying to
"patch" Debian's
3.3.1 version to work with krb5 now. But I have not figured out where to
add the
workaround for dropping root priv again.
> But that's cheating, manually setting the UID downwards. Is it in
the code already,
> proved by the fact that somebody else has got it to work? Or shall
we continue
> to poke around to find the proper way to down-set the UID, and then
send it in?
I understand that your fix probably can be considered a very ugly hack,
but it would let
me continue my upgrade to Debian Wheezy. I'm currently running 2.5.2p1 (from
Debian Lenny) as that is what I last got it working with.
A little help from a amanda developer to properly fix krb5 would be nice
as well, since
it is still stated as a supported feature.
Thanks
Andreas Sundstrom
