Howdy,
When running telnetd (for example) under inetd like this:
telnet stream tcp nowait root /usr/local/krb5/sbin/telnetd telnetd -a user
and logging in as a non-root user (the most likely scenario), the
credentials cache is not chown'ed to the user (remaining 600
root:wheel). klist returns this:
$ klist
klist: Credentials cache permissions incorrect while setting cache flags
(ticket cache FILE:/tmp/krb5cc_p3866)
This effectively means that forwarded credentials don't work.
After reading README.FreeBSD (provided by the port), I believe that this
is because the FreeBSD /usr/bin/login program doesn't know that it's
supposed to manage cache permissions and that using login.krb5 instead
will fix this. I'd prefer not to do this - I agree with the port author
that /usr/bin/login is the better way to go.
Is there a place where I can configure the default login process to
change the ownership of the cache file? I suspect that this will boil
down to a PAM problem, but I don't know enough of the details of the
/usr/bin/login authentication process to take it any further.
TIA,
- Tillman
--
Dialects: Formerly variations in language produced by geographic isolation,
dialects are now the variations encouraged by specialists to prevent non-
specialists access to their professional territory. What is the one subject on
which a nuclear engineer cannot be frank in public? Nuclear engineering.
The Doubter's Companion: A Dictionary of Aggressive Common Sense
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
