[Bug 2775] Improve kerberos credential forwarding support

bugzilla-daemon at bugzilla.mindrot.org
Fri Oct 19 00:14:39 AEDT 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2775

--- Comment #11 from Charles Hedrick <hedrick at rutgers.edu> ---
The code I recommend is

getting cache name:

#ifdef hassetresuid
   setresuid(user,user,-1)
   name = krb5 default name
   setresuid(0,0,-1)
#else
   name = your current code to emulate the library
#endif

for opening the ccache

#ifdef hassetresuid
   setresuid(user,user,-1)
#endif
   current code doing cc_resolv, etc
#ifdef hassetresuid
   setresuid(0,0,-1)
#endif

In the second case you don't need an else. The change of uid is really
only needed for KCM: (assuming you chown the cache properly). KCM: is
unlikely to be present on Solaris 2.8 and other systems without
setresuid.

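The uid switch sketched in comment #11, written out as an added C example that is not part of the original comment or of OpenSSH. `run_as_user` and `record_euid` are hypothetical names, the callback stands in for the Kerberos calls, and the original ids are captured with `getresuid` instead of hard-coding 0 so the block also runs unprivileged.

```c
#define _GNU_SOURCE            /* setresuid()/getresuid() on glibc */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical callback type: the work done under the user's uid
 * (default ccache name lookup, or the cc_resolve sequence). */
typedef int (*as_user_fn)(void *arg);

/* Run fn(arg) with real and effective uid set to `user`. The saved uid is
 * left alone (-1), which is what lets a root caller switch back afterwards.
 * Returns fn's result, or -1 if the switch failed (fn is then not run). */
int run_as_user(uid_t user, as_user_fn fn, void *arg)
{
    uid_t r0, e0, s0, r, e, s;
    int rc;

    if (getresuid(&r0, &e0, &s0) != 0)
        return -1;
    if (setresuid(user, user, (uid_t)-1) != 0)
        return -1;
    /* Confirm the ids really changed before doing work as the user. */
    if (getresuid(&r, &e, &s) != 0 || r != user || e != user) {
        if (setresuid(r0, e0, (uid_t)-1) != 0)
            abort();
        return -1;
    }
    rc = fn(arg);
    /* Restore the caller's ids (0,0 in the comment's sketch). Continuing
     * under the wrong identity is worse than stopping, so failure is fatal. */
    if (setresuid(r0, e0, (uid_t)-1) != 0)
        abort();
    if (getresuid(&r, &e, &s) != 0 || r != r0 || e != e0)
        abort();
    return rc;
}

/* Constructed stand-in for the Kerberos call: records the euid it ran under. */
static int record_euid(void *arg)
{
    *(uid_t *)arg = geteuid();
    return 0;
}

int main(void)
{
    uid_t seen = (uid_t)-1;
    int rc = run_as_user(getuid(), record_euid, &seen);
    printf("rc=%d ran with euid=%lu\n", rc, (unsigned long)seen);
    return rc == 0 ? 0 : 1;
}
```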