problems with PAG and ARLA
Holger Trapp
Holger.Trapp at Informatik.TU-Chemnitz.DE
Wed May 26 09:01:20 CEST 1999
Hello,
I came across a little problem when using SSH 1.2.26 with Dug Song's AFS
patches "ssh-1.2.26-afs-kerberos.patch-1"
(http://www.monkey.org/~dugsong/ssh-afs-kerberos.html) on a machine running
ARLA 0.24 and Linux 2.2.9. My Arla installation uses the KTH Kerberos package
krb4-0.9.9.
In the Secure Shell daemon the PAG is set correctly by k_setpag() but
afterwards destroyed by initgroups(). Below you see an example. I added some
debug messages to sshd. The IDs are printed by the standard tool 'id' which is
invoked via system(). This is an ugly hack, I know, but should show the
relevant info:
before initgroups
uid=0(root) gid=100(users) groups=33536,32513,0(root),1(bin),14(uucp),15(shadow),16(dialout),65534(nogroup)
after initgroups
uid=0(root) gid=100(users) groups=100(users),0(root),0(root),11(httpd)
When running Derek Atkin's port of AFS 3.3a on Linux 2.0.36 the PAG is kept:
before initgroups
uid=0(root) gid=100(users) groups=33536,32513,0(root),1(bin),14(uucp),15(shadow),16(dialout),65534(nogroup)
after initgroups
uid=0(root) gid=100(users) groups=33536,32513,100(users),0(root),0(root),11(httpd)
Might this be an ARLA-specific problem or should it be handled by the AFS
patches for SSH, e.g. by using getgroups()/setgroups()? How could such a
solution look like?
Cheers,
Holger
More information about the Arla-drinkers
mailing list