sudo pam, with kerberos

Hi Folks,

Just compiled up sudo 1.6.8p12 with PAM support. Everything seems fine, but when I sudo to root and use my Kerberos password, the permissions on my /tmp/krb5_uid file get changed from being owned by myself to root, e.g.:

user@ss1:~> ls -l /tmp/krb5cc_100
-rw-1 user user 1300 Feb 24 14:44 /tmp/krb5cc_100
user@ss1:~>
user@ss1:~> sudo -s
Password:
root@ss1:~> ls -l /tmp/krb5cc_100
-rw-1 root root 1300 Feb 24 14:45 /tmp/krb5cc_100
root@ss1:~>

I've trussed sudo and it looks to be an issue with pam_krb5. Anyone have any suggestions to help refine this?

Cheers

Steve

[672 byte] By [s_p_f] at [2007-11-25 23:39:41]
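
A check for the symptom described in the post above, added here as an example and not part of the original thread: it scans a directory for Kerberos credential caches and reports any whose owner differs from the uid in the file name. It assumes the `krb5cc_<uid>` naming seen in the post (optionally with a `_suffix`); the function name `find_misowned_ccaches` is hypothetical.

```python
import os
import re
import stat
import sys

# Assumed naming: krb5cc_<uid>, optionally followed by _<suffix>.
CCACHE_RE = re.compile(r"^krb5cc_(\d+)(?:_.*)?$")


def find_misowned_ccaches(directory="/tmp"):
    """Return (path, expected_uid, actual_uid) for each credential cache
    whose owner differs from the uid encoded in its file name."""
    findings = []
    for name in sorted(os.listdir(directory)):
        match = CCACHE_RE.match(name)
        if not match:
            continue
        path = os.path.join(directory, name)
        # lstat, not stat: never follow a symlink sitting in a shared /tmp.
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        expected_uid = int(match.group(1))
        if st.st_uid != expected_uid:
            findings.append((path, expected_uid, st.st_uid))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/tmp"
    bad = find_misowned_ccaches(target)
    for path, expected_uid, actual_uid in bad:
        print(f"{path}: name says uid {expected_uid}, owned by uid {actual_uid}")
    # Non-zero exit lets a cron job or monitoring wrapper alert on a hit.
    sys.exit(1 if bad else 0)
```

Run before and after a `sudo -s` session, it shows whether the PAM stack re-owned the caller's cache.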
# 1
If this is on Solaris 10 I'd suggest dumping sudo and moving to the RBAC system instead. Look into "pfexec(1)" and the like.
LionO at 2007-7-5 18:47:39
# 2
While I and many others agree with you, there are some who don't... Thing is, we're going for an integrated approach here, so all the Unix flavours that we have on site can share a common config file.
s_p_f at 2007-7-5 18:47:39
# 3
And why wouldn't that be possible using RBAC? I think it would be even easier than using sudo.
LionO at 2007-7-5 18:47:39