[sudo-users] (Probably) basic problem with sudo and kerberos tickets

Chris Causer chy.causer at gmail.com
Wed Sep 16 04:27:03 EDT 2009


The problem still exists but I can perhaps provide more information:

1) I was wrong: the ticket is only deleted if you have to enter your
password. If you use a timeout terminal (i.e. no password) then the ticket is
preserved.

2) If you move the ticket file to say /tmp/wibble and reset the environment
variable $KRB5CCNAME to /tmp/wibble, then the ticket is preserved no matter
how you sudo.

3) If you use a local account (i.e. one that uses passwd/shadow) then the
ticket is preserved. AFAIK this only happens to users who authenticate using
Kerberos.

I would be so grateful if anyone could help me. I've been looking over the
source and I cannot for the life of me see where anything would delete the
ticket file in tmp when you authenticate but not when you use a cached sudo.

Cheers

Chris
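
A small diagnostic for comparing the three cases in the message above (password prompt versus cached timestamp, default versus relocated `$KRB5CCNAME`, Kerberos versus local account). It is an added example, not part of the original post or of sudo. The function names are hypothetical, and the fallback path `/tmp/krb5cc_<uid>` used when `$KRB5CCNAME` is unset is an assumption about the local Kerberos configuration.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): report what a command
# does to a FILE-type Kerberos credential cache.
#
# Typical use, one case at a time:
#   sudo -k                                   # drop the cached timestamp
#   ccache_check "$(ccache_path)" sudo true   # password is requested
#   ccache_check "$(ccache_path)" sudo true   # timestamp is still valid

# Resolve the file behind a cache name (argument, else $KRB5CCNAME).
# Assumption: with nothing set, the cache is /tmp/krb5cc_<uid>.
ccache_path() {
    name=${1:-${KRB5CCNAME:-FILE:/tmp/krb5cc_$(id -u)}}
    case $name in
        FILE:*) printf '%s\n' "${name#FILE:}" ;;
        /*)     printf '%s\n' "$name" ;;
        *)      echo "unsupported cache type: $name" >&2; return 2 ;;
    esac
}

# Print the inode number of a file.
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# Run a command and print one of:
#   preserved      same file is still there
#   replaced       a different file now sits at the same path
#   deleted        the file is gone
#   absent-before  there was no cache file to begin with
ccache_check() {
    path=$1; shift
    [ -f "$path" ] || { echo absent-before; return 0; }
    before=$(inode_of "$path")
    "$@" || :    # the command's own exit status is not the point here
    if [ ! -f "$path" ]; then
        echo deleted
    elif [ "$(inode_of "$path")" != "$before" ]; then
        echo replaced
    else
        echo preserved
    fi
}
```

Running it once with the default cache and once after pointing `$KRB5CCNAME` at a copy such as /tmp/wibble gives a side-by-side record of which combination loses the ticket.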


