Bug 751

Summary: KRB5CCNAME set incorrectly in GSSAPI code
Product: Portable OpenSSH
Reporter: Steven Michaud <smichaud>
Component: Kerberos support
Assignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED DUPLICATE    
Severity: normal    
Priority: P2    
Version: -current   
Hardware: All   
OS: All   
Attachments:
Description Flags
Fix to set KRB5CCNAME correctly in GSSAPI code none
Another patch to set KRB5CCNAME correctly in GSSAPI code none

Description Steven Michaud 2003-10-31 07:22:45 AEDT
This is something we missed when going over the GSSAPI code this August.

The code in ssh_gssapi_krb5_storecreds() in gss-serv-krb5.c doesn't set the
KRB5CCNAME environment variable correctly.  At present it includes only the
cache's "name".  But it should actually include both its "type" and its
"name", separated by a colon ':' -- e.g. "FILE:/tmp/krb5cc_100_Ao7629".  (Simon
Wilkinson's patches to 3.6.1p2 and previous versions did this correctly.)

I'll add a patch to fix the problem.  I made the code general enough to work
with other cache "types" -- e.g. API or MEMORY.
Comment 1 Steven Michaud 2003-10-31 07:24:54 AEDT
Created attachment 490
Fix to set KRB5CCNAME correctly in GSSAPI code
Comment 2 Steven Michaud 2003-10-31 07:36:58 AEDT
Created attachment 491
Another patch to set KRB5CCNAME correctly in GSSAPI code

Oops, my first fix wasn't general enough.  Here's a better one.
Comment 3 Simon Wilkinson 2003-11-02 12:37:30 AEDT
I think this patch is probably over complex.

In both the Heimdal and MIT cases we constrain ourselves to FILE: credential
caches (the call to the Heimdal variant with &krb5_fcc_ops, and the 'FILE:' 
prefix to the MIT code). Under Unix, MIT Kerberos defaults to using 'FILE' when 
no credential cache type is given and Heimdal always defaults to using 'FILE'.

For correctness, we should probably prefix the cache with 'FILE'.
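
The KRB5CCNAME format discussed in this report (cache type and name separated by a colon, with FILE as the default type), as an added example that is not part of the bug report, its attachments, or OpenSSH's gss-serv-krb5.c. The helper names `has_type_prefix` and `ccname_env_value`, the cache name `sshd_cache`, and the rule that a type prefix is a run of uppercase ASCII letters are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption: a cache type is a run of uppercase ASCII letters followed by
 * ':' (FILE, API, MEMORY). A colon later in a path, as in "/tmp/a:b", is
 * therefore not treated as a type separator. */
static int has_type_prefix(const char *name)
{
    const char *p = name;

    while (isupper((unsigned char)*p))
        p++;
    return p != name && *p == ':';
}

/* Hypothetical helper: write the value for KRB5CCNAME as "TYPE:name".
 * A name that already carries a type is copied unchanged; otherwise the
 * given type is used, falling back to FILE when none is supplied.
 * Returns 0 on success, -1 on bad input or if the result would not fit. */
int ccname_env_value(const char *type, const char *name,
                     char *out, size_t outlen)
{
    int n;

    if (name == NULL || *name == '\0' || out == NULL || outlen == 0)
        return -1;
    if (has_type_prefix(name))
        n = snprintf(out, outlen, "%s", name);
    else
        n = snprintf(out, outlen, "%s:%s",
                     (type != NULL && *type != '\0') ? type : "FILE", name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;  /* never export a truncated cache path */
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; the first path is the one quoted in the report. */
    const char *names[] = { "/tmp/krb5cc_100_Ao7629",
                            "FILE:/tmp/krb5cc_100_Ao7629", "/tmp/a:b" };
    char buf[64];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        if (ccname_env_value(NULL, names[i], buf, sizeof buf) == 0)
            printf("KRB5CCNAME=%s\n", buf);
    if (ccname_env_value("MEMORY", "sshd_cache", buf, sizeof buf) == 0)
        printf("KRB5CCNAME=%s\n", buf);
    return 0;
}
```
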
Comment 4 Darren Tucker 2004-01-24 18:56:25 AEDT
Bug cleanup: this appears to be a dupe of #698.

*** This bug has been marked as a duplicate of 698 ***
Comment 5 Damien Miller 2004-04-14 12:24:19 AEST
Mass change of RESOLVED bugs to CLOSED