Bug#394832: openafs-krb5: aklog doesnt retrievs tokens if principal contains a / slash

Daniel J. Priem Mon, 23 Oct 2006 05:13:08 -0700

Package: openafs-krb5
Severity: normal

Version in use is 
openafs-krb5  1.4.2~fc4-3  AFS distributed filesystem Kerberos 5 integration



Please ignore the different hostnames. it was on both the same error.
Here trying with user root/afsadmin

[EMAIL PROTECTED]:~# pts examine root/afsadmin
Name: root/afsadmin, id: 1, owner: system:administrators, creator: anonymous,
  membership: 1, flags: S----, group quota: unlimited.
[EMAIL PROTECTED]:~# pts examine afsadmin
Name: afsadmin, id: 2, owner: system:administrators, creator: anonymous,
  membership: 1, flags: S----, group quota: unlimited.
[EMAIL PROTECTED]:~#
[EMAIL PROTECTED]:~# cat /etc/openafs/server/UserList
root/afsadmin
afsadmin
[EMAIL PROTECTED]:~# kdestroy
[EMAIL PROTECTED]:~# kinit -p root/afsadmin
root/[EMAIL PROTECTED]'s Password:
[EMAIL PROTECTED]:~# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: root/[EMAIL PROTECTED]

  Issued           Expires          Principal
Oct 23 13:26:56  Oct 23 23:26:42  krbtgt/[EMAIL PROTECTED]
Oct 23 13:26:56  Oct 23 23:26:42  [EMAIL PROTECTED]
Oct 23 13:26:56  Oct 23 23:26:42  afs/[EMAIL PROTECTED]
[EMAIL PROTECTED]:~# tokens

Tokens held by the Cache Manager:

   --End of list--
[EMAIL PROTECTED]:~# aklog
[EMAIL PROTECTED]:~# tokens

Tokens held by the Cache Manager:

Tokens for [EMAIL PROTECTED] [Expires Oct 23 23:26]
   --End of list--
[EMAIL PROTECTED]:~#

So didnt work

Now trying as user afsadmin without /

[EMAIL PROTECTED]:~# kdestroy
[EMAIL PROTECTED]:~# klist
klist: No ticket file: /tmp/krb5cc_0
[EMAIL PROTECTED]:~# kinit -p afsadmin
[EMAIL PROTECTED]'s Password:
klist
[EMAIL PROTECTED]:~# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: [EMAIL PROTECTED]

  Issued           Expires          Principal
Oct 23 13:28:51  Oct 23 23:28:37  krbtgt/[EMAIL PROTECTED]
Oct 23 13:28:51  Oct 23 23:28:37  [EMAIL PROTECTED]
Oct 23 13:28:51  Oct 23 23:28:37  afs/[EMAIL PROTECTED]
[EMAIL PROTECTED]:~# tokens

Tokens held by the Cache Manager:

   --End of list--
[EMAIL PROTECTED]:~# aklog
[EMAIL PROTECTED]:~# tokens

Tokens held by the Cache Manager:

User's (AFS ID 2) tokens for [EMAIL PROTECTED] [Expires Oct 23 23:28]
   --End of list--
[EMAIL PROTECTED]:~#

OKAY works.


Now make sure i am not stupid
now lets look whats wrong.
at first create a user test and then create a user foo/bar
i think foo/bar cant get tokens because of the / slash inside the name

[EMAIL PROTECTED]:~# kadmin
kadmin> add test
Max ticket life [1 day]:
Max renewable life [1 week]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
[EMAIL PROTECTED]'s Password:
Verifying - [EMAIL PROTECTED]'s Password:
kadmin> add foo/bar
Max ticket life [1 day]:
Max renewable life [1 week]:
Principal expiration time [never]:
Password expiration time [never]:
Attributes []:
foo/[EMAIL PROTECTED]'s Password:
Verifying - foo/[EMAIL PROTECTED]'s Password:
kadmin>
kadmin> list *
<snip>
test
foo/bar
<snip>
kadmin>

[EMAIL PROTECTED]:~# kinit -p afsadmin
[EMAIL PROTECTED]'s Password:
[EMAIL PROTECTED]:~# aklog
[EMAIL PROTECTED]:~# pts createuser test
User test has id 3
[EMAIL PROTECTED]:~# pts createuser foo/bar
User foo/bar has id 4
[EMAIL PROTECTED]:~#
[EMAIL PROTECTED]:~# kinit -p test
[EMAIL PROTECTED]'s Password:
[EMAIL PROTECTED]:~# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: [EMAIL PROTECTED]

  Issued           Expires          Principal
Oct 23 13:38:49  Oct 23 23:41:39  krbtgt/[EMAIL PROTECTED]
Oct 23 13:38:49  Oct 23 23:41:39  [EMAIL PROTECTED]
Oct 23 13:38:49  Oct 23 23:41:39  afs/[EMAIL PROTECTED]
[EMAIL PROTECTED]:~# aklog
[EMAIL PROTECTED]:~# tokens

Tokens held by the Cache Manager:

User's (AFS ID 3) tokens for [EMAIL PROTECTED] [Expires Oct 23 23:41]
   --End of list--
[EMAIL PROTECTED]:~# unlog
[EMAIL PROTECTED]:~# kdestroy
[EMAIL PROTECTED]:~# kinit -p foo/bar
foo/[EMAIL PROTECTED]'s Password:
[EMAIL PROTECTED]:~# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: foo/[EMAIL PROTECTED]

  Issued           Expires          Principal
Oct 23 13:39:28  Oct 23 23:42:18  krbtgt/[EMAIL PROTECTED]
Oct 23 13:39:28  Oct 23 23:42:18  [EMAIL PROTECTED]
Oct 23 13:39:28  Oct 23 23:42:18  afs/[EMAIL PROTECTED]
[EMAIL PROTECTED]:~# tokens

Tokens held by the Cache Manager:

   --End of list--
[EMAIL PROTECTED]:~# aklog
[EMAIL PROTECTED]:~# tokens

Tokens held by the Cache Manager:

Tokens for [EMAIL PROTECTED] [Expires Oct 23 23:42]
   --End of list--
[EMAIL PROTECTED]:~# unlog
[EMAIL PROTECTED]:~# aklog
[EMAIL PROTECTED]:~# tokens

Tokens held by the Cache Manager:

Tokens for [EMAIL PROTECTED] [Expires Oct 23 23:42]
   --End of list--
[EMAIL PROTECTED]:~#


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.17.7AMD
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#394832: openafs-krb5: aklog doesnt retrievs tokens if principal contains a / slash

Reply via email to