Hi,
I am having some problems with the Heimdal module for PAM. I'm getting
the following in /var/log/{syslog,authlog} when performing 'su - matt'
as matt.
Feb 8 15:50:58 chromium sudo: pam_krb5: pam_sm_authenticate(sudo
matt): pam_get_data(): ccache data already present
Feb 8 15:50:58
Perhaps lib/krb5/keytab.c:krb5_kt_get_entry around line 372 should
have:
371 krb5_kt_get_name (context, id, kt_name, sizeof(kt_name));
372 krb5_enctype_to_string(context, enctype, enctype_str);
if (kt_name[0] == '\0')
strcpy(kt_name, MEMORY);
373
374
The issue was that trying to acquire a credential
could result in a redundant AS-REQ. It turned out to be
lib/mechglue/g_acquire_cred.c:gss_acquire_cred was looping over all
mechanisms. The problem was that with SPNEGO it did KRB5 twice, once
for KRB5 mech and once through SPNEGO mech calling
8 feb 2007 kl. 16.14 skrev Michael B Allen:
Please consider the below patch. This will cause
krb5_cc_set_default_name
to be called if KRB5CCNAME changes at all. It assumes getenv returns
the same address but if it does not the code is at least correct.
Shouldn't all inputs that changes the
8 feb 2007 kl. 15.49 skrev Michael B Allen:
Also, I would like to mention a very very minor issue related to the
message above.
If lib/krb5/get_in_tkt.c:init_as_req is called with krb5_kt_get_entry
as key_proc and it does not find the desired key, the enctype listed
in the error message will
On Fri, 9 Feb 2007 12:28:40 +1100
Love Hörnquist Åstrand [EMAIL PROTECTED] wrote:
Perhaps lib/krb5/keytab.c:krb5_kt_get_entry around line 372 should
have:
371 krb5_kt_get_name (context, id, kt_name, sizeof(kt_name));
372 krb5_enctype_to_string(context, enctype,
On Fri, 9 Feb 2007 12:41:40 +1100
Love Hörnquist Åstrand [EMAIL PROTECTED] wrote:
8 feb 2007 kl. 15.49 skrev Michael B Allen:
Also, I would like to mention a very very minor issue related to the
message above.
If lib/krb5/get_in_tkt.c:init_as_req is called with krb5_kt_get_entry
as
On Fri, 9 Feb 2007 12:35:22 +1100
Love Hörnquist Åstrand [EMAIL PROTECTED] wrote:
8 feb 2007 kl. 16.14 skrev Michael B Allen:
Please consider the below patch. This will cause
krb5_cc_set_default_name
to be called if KRB5CCNAME changes at all. It assumes getenv returns
the same