[Bug 2775] Improve kerberos credential forwarding support
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Oct 19 00:14:39 AEDT 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2775
--- Comment #11 from Charles Hedrick <hedrick at rutgers.edu> ---
The code I recommend is
getting cache name:
#ifdef hassetresuid
setresuid(user,user,-1)
name = krb5 default name
setresuid(0,0,-1)
#else
name = your current code to emulate the library
#endif
for opening the ccache
#ifdef hassetresuid
setresuid(user,user,-1
#endif
current code doing cc_resolv, etc
#ifdef hassetresuid
setresuid(0,0,-1)
#endif
In the second case you don't need an else. The change of uid is really
only needed for KCM: (assuming you chown the cache properly). KCM: is
unlikely to be present on Solaris 2.8 and other systems without
setresuid.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list