When running telnetd (for example) under inetd like this:

telnet  stream  tcp nowait  root    /usr/local/krb5/sbin/telnetd telnetd -a user

and logging in as a non-root user (the most likely scenario), the
credentials cache is not chown'ed to the user (remaining 600
root:wheel). klist returns this:

$ klist
klist: Credentials cache permissions incorrect while setting cache flags
(ticket cache FILE:/tmp/krb5cc_p3866)

This effectively means that forwarded credentials don't work.

After reading README.FreeBSD (provided by the port), I believe that this
is because the FreeBSD /usr/bin/login program doesn't know that it's
supposed to manage cache permissions and that using login.krb5 instead
will fix this. I'd prefer not to do this - I agree with the port author
that /usr/bin/login is the better way to go.

Is there a place where I can configure the default login process to
change the ownership of the cache file? I suspect that this will boil
down to a PAM problem, but I don't know enough of the details of the
/usr/bin/login authentication process to take it any further.


- Tillman

Dialects:  Formerly variations in language produced by geographic isolation,
dialects are now the variations encouraged by specialists to prevent non-
specialists access to their professional territory. What is the one subject on
which a nuclear engineer cannot be frank in public? Nuclear engineering.
        The Doubter's Companion: A Dictionary of Aggressive Common Sense
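
A diagnostic for the condition described in the message above, as an added example that is not part of the original post or of the krb5 port: it checks whether a file-based credentials cache is a regular file owned by the login user with no group/other access. The function names `ccache_path` and `check_ccache` are hypothetical, and the sample cache file is constructed.

```python
import os
import stat
import tempfile


def ccache_path(ccname):
    """Map a cache name such as FILE:/tmp/krb5cc_p3866 to its file path."""
    kind, sep, rest = ccname.partition(":")
    if not sep:
        return ccname  # assumption: a bare path names a file-based cache
    if kind != "FILE":
        raise ValueError("not a file-based cache: " + ccname)
    return rest


def check_ccache(ccname, login_uid):
    """Return the reasons login_uid cannot safely use the cache ([] if none)."""
    path = ccache_path(ccname)
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted in /tmp
    except FileNotFoundError:
        return ["missing: " + path]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != login_uid:
        problems.append("owned by uid %d, expected uid %d" % (st.st_uid, login_uid))
    extra = stat.S_IMODE(st.st_mode) & 0o077
    if extra:
        problems.append("group/other bits set: %03o" % extra)
    return problems


if __name__ == "__main__":
    # Constructed stand-in for the cache in the message: the file belongs to
    # the account running this script, while the "login user" is another uid.
    fd, path = tempfile.mkstemp(prefix="krb5cc_demo_")
    os.close(fd)
    os.chmod(path, 0o600)
    try:
        for uid in (os.geteuid(), os.geteuid() + 1):
            print(uid, check_ccache("FILE:" + path, uid) or "ok")
    finally:
        os.unlink(path)
```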
