Problems with ksu in krb5-1.4.1 - Kerberos

This is a discussion on Problems with ksu in krb5-1.4.1 - Kerberos ; A co-worker has been having strange problems testing krb5-1.4.1, and asked me to post the following: We are running Solaris 8 with krb5-1.4.1 installed. We just upgraded from 1.3.4 (with patches). We use Sun's pam_krb5 and subsequent SEAM libraries to ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Problems with ksu in krb5-1.4.1

  1. Problems with ksu in krb5-1.4.1

    A co-worker has been having strange problems testing krb5-1.4.1, and
    asked me to post the following:

    We are running Solaris 8 with krb5-1.4.1 installed. We just upgraded
    from 1.3.4 (with patches). We use Sun's pam_krb5 and subsequent SEAM
    libraries to sign in. We need to use MIT's kit because Solaris 8's SEAM
    doesn't include all the tools we need.

    One odd thing we've noticed is that somehow ksu is causing a lock-up
    when you try to login twice. i.e.

    window1: sign in to hosta as usera (ssh/telnet/ftp, doesn't matter)
    window1: ksu to root (or any other ID via .k5login) from usera
    window2: try to sign in to hosta as usera
    window2: you can authenticate, but the session freezes and won't give
    you a shell
    window1: exit from root shell
    window2: the frozen session continues and gives you a shell.

    Very odd. As soon as we rollback our krb5 binaries to 1.3.4, the
    behaviour of ksu is fixed.

    As far as I can see, this is an issue with only ksu as nothing else in
    1.4.1 is giving us problems.

    ksu does not appear to be doing anything odd to the credentials cache,
    so why would the sessions freeze like this ?

    Any insight is appreciated.

    Thanks.

    Rainer Heilke
    Unix Systems Administrator
    ATCO I-Tek
    Phone: 780-420-7806
    Fax: 780-420-3939
    Email: rainer.heilke@atcoitek.com

    The information transmitted is intended only for the addressee and may
    contain confidential, proprietary and/or privileged material. Any
    unauthorized review, distribution or other use of or the taking of any
    action in reliance upon this information is prohibited. If you receive
    this in error, please contact the sender and delete or destroy this
    message and any copies.

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: Problems with ksu in krb5-1.4.1

    In article ,
    Heilke, Rainer wrote:

    >ksu does not appear to be doing anything odd to the credentials cache,
    >so why would the sessions freeze like this ?


    I wouldn't be surprised if it were related to the bug which causes
    this:

    wollman@isfahel(1)$ ksu
    Authenticated wollman@CSAIL.MIT.EDU
    Account root: authorization for wollman@CSAIL.MIT.EDU successful
    Changing uid to root (0)
    root@isfahel# exit
    Assertion failed: ((&_m->os)->initialized == K5_MUTEX_DEBUG_INITIALIZED), function krb5_fcc_destroy, file cc_file.c, line 1526.
    Abort trap

    -GAWollman

    --
    Garrett A. Wollman | As the Constitution endures, persons in every
    wollman@csail.mit.edu | generation can invoke its principles in their own
    Opinions not those | search for greater freedom.
    of MIT or CSAIL. | - A. Kennedy, Lawrence v. Texas, 539 U.S. 558 (2003)

  3. Re: Problems with ksu in krb5-1.4.1

    On Jun 15, 2005, at 13:58, Garrett Wollman wrote:
    > In article ,
    > Heilke, Rainer wrote:
    >
    >> ksu does not appear to be doing anything odd to the credentials cache,
    >> so why would the sessions freeze like this ?

    >
    > I wouldn't be surprised if it were related to the bug which causes
    > this:
    >
    > wollman@isfahel(1)$ ksu
    > Authenticated wollman@CSAIL.MIT.EDU
    > Account root: authorization for wollman@CSAIL.MIT.EDU successful
    > Changing uid to root (0)
    > root@isfahel# exit
    > Assertion failed: ((&_m->os)->initialized ==
    > K5_MUTEX_DEBUG_INITIALIZED), function krb5_fcc_destroy, file
    > cc_file.c, line 1526.
    > Abort trap


    I suspect they're different problems, but I'm investigating. I've just
    run into the freezing problem on one of my machines.

    For the assertion-failed problem, could you please try the attached
    patch and let me know if it fixes it? (BTW, which OS is this on?)

    Ken




    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


+ Reply to Thread