On Jun 9, 2013, at 10:23 AM, Andreas Sundstrom wrote:
Manually adding setuid(11) and seteuid (11) (the id for my dumpuser, operator) at the tail end of common-src/krb5-security.c fixed the whole thing AND AMCHECK AND ALSO AMDUMP WORK PERFECTLY. Would you like to share more exactly where you put it? I'm trying to "patch" Debian's 3.3.1 version to work with krb5 now. But I have not figured out where to add the workaround for dropping root priv again. But that's cheating, manually setting the UID downwards. Is it in the code already, proved by the fact that somebody else has got it to work? Or shall we continue to poke around to find the proper way to down-set the UID, and then send it in? I understand that your fix probably can be considered a very ugly hack, but it would let me continue my upgrade to Debian Wheezy. I'm currently running 2.5.2p1 (from Debian Lenny) as that is what I last got it working with. A little help from a amanda developer to properly fix krb5 would be nice as well, since it is still stated as a supported feature. Thanks Andreas Sundstrom The fix I just sent is much more elegant than I originally mentioned. I'm actually using the provided (symbol or variable) to set the user back to the proper client login (ie the non prived user) that you specified in your setup configuration files and/or compilation. Deb Baddorf Fermilab
