Re: pam_krb5 and user logout

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jan 30, 2002 at 02:41:32PM -0500, Nicolas Williams wrote:
> On Wed, Jan 30, 2002 at 02:33:27PM -0500, Mike Gerdts wrote:
> > Looks pretty good.  krb5_cc_store_creds() stores them to
> > /tmp/krb5cc_uid, right?  Does krb5_cc_store_creds create a temp file
> > then rename?  If so, it will brek this.  (If I were writing
> > krb5_cc_store creds, I would have written in such a way that it would be
> > incompatible with this.) 
> 
> Oh dear, I forget. another thing to check.

A quick search through MIT krb5 src/lib/krb5/ccache/ reveals no calls to
rename(). A quick search through Heimdal krb5 also reveals no calls to
rename() and reveals a bonus: the kdestroy function for FILE ccaches, in
Heimdal, only scrubs the contents of the file if it is the las hard
link.

> > If you have a last logout and a new login happening at the same time,
> > you could have a situation where the logout removes /tmp/krb5cc_uid
> > between the time that a login sees that it is there and the time that it
> > tries to create its _foo file. 
> 
> Tough.

But remember, the link() will fail and the PAM_KRB5 instance still has
the original creds it fetched, so the race can be avoided.

> This is getting too complicated. It would all be much simpler if there
> were an IPC API for passing new ccaches to gssd (an open interface too).

As long as neither MIT nor Heimdal krb5 use rename() when initializing a
default ccache we're ok.

> > Mike


Cheers,

Nico
--
-DISCLAIMER: an automatically appended disclaimer may follow. By posting-
-to a public e-mail mailing list I hereby grant permission to distribute-
-and copy this message.-

Visit our website at http://www.ubswarburg.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.





[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux