[Bug 757] KRB5CCNAME inherited from root's environment under AIX

Thu Nov 13 10:29:20 EST 2003

http://bugzilla.mindrot.org/show_bug.cgi?id=757

           Summary: KRB5CCNAME inherited from root's environment under AIX
           Product: Portable OpenSSH
           Version: -current
          Platform: PPC
        OS/Version: AIX
            Status: NEW
          Severity: minor
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: dopheide at ncsa.uiuc.edu

Under AIX, if you restart sshd as root while you have KRB5CCNAME set in root's
environment (typical after 'ksu'ing), the value of KRB5CCNAME will be inherited
by all connecting clients.  The code that causes this inheritance is in
session.c. Darren Tucker on the openssh-unix-dev mailling list thinks this is
due to how AIX's authenticate() function works (seen in auth-passwd.c).

As a result, the correct fix would be to unset KRB5CCNAME from the environment
at the start.  Unfortunately, unsetenv() isn't a standard call on AIX systems. 
I will attach a patch that fixes this problem.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.