kinit should print an error if credentials cache has invalid permissions

Bug #740477 reported by Alec Warner on 2011-03-22
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
krb5 (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: krb5-user

The obvious use case is a user does something silly such as:

sudo kinit -p <principal> and promptly makes a root:root ccache file for the specified principal.

Then the user later tries to kinit as that user and in fact everything *looks* fine...the kinit doesn't print any errors and returns 0. However the truth is nothing was done because the ccache is the wrong permissions.

klist prints an error well enough:

klist: Credentials cache permissions incorrect while setting cache flags (ticket cache FILE:/var/run/ccache/krb5cc_45531_DIPCWB)

-A

James Page (james-page) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command, as it will automatically gather debugging information, in a terminal:

apport-collect 740477

When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

Changed in krb5 (Ubuntu):
status: New → Incomplete
Russ Allbery (rra-debian) wrote :

The bug is trivially reproducible given the instructions given by the reporter. I don't see any need for them to run apport-collect to gather more data.

Changed in krb5 (Ubuntu):
status: Incomplete → Confirmed

I suspect what's going on here is that when
krb5_get_init_creds_set_out_ccache was added
the error reporting was bad.

I will attempt to look at this if no one gets there sooner.
take a look at the handling of out_ccahe in
src/lib/krb5/krb/get_in_tkt.c

scm (scm) on 2011-03-24
tags: added: glucid lucid
Mathew Hodson (mhodson) on 2015-08-19
tags: removed: glucid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers