[Bug 445] User DCE Credentials do not get forwarded to child session

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed May 21 01:11:28 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=445





------- Additional Comments From kmy at ornl.gov  2003-05-21 01:11 -------
I am no longer running OSF1; although, I may
have to do so in the future.  The last comment
on propagating parent's  environment to the
child is mostly correct.  The call to
sia_ses_init creates a KRB5 ticket which
contains authorization/authentication for
the parent.  This ticket information needs
to be propagated to the child.

Actually, this is the proper way to handle
OSF1 SIA; since, the operating system SIA
layer is run-time configurable by design
and you do not really want to pass
the user's password to KRB5 a second time.

This is to say that the file, /etc/sia/matrix.conf
tells the OS about whether or not DCE is a valid
authentication/authorization method.  In the event
that DCE is being used, the parent's authorizations
do need to be propagated to the child.  However, we
also must deal with the case wherein DCE is no longer
a valid mechanism.  In this case, the parent will
not have an authorization to propagate.
-- 
Ken Matney, Sr.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list