URL: <http://savannah.cern.ch/bugs/?99540> Summary: When using krb5 the user name is not extracted Project: XROOTD Submitted by: wilko Submitted on: 2012-12-19 00:13 Report Type: Bug Priority: 5 - Normal Severity: 3 - Normal Status: None Privacy: Public Assigned to: wilko Originator Email: Open/Closed: Open Discussion Lock: Any Fixed by commit(s): _______________________________________________________ Details: When using xrootd with krb5 authentication the xrootd was not able to obtain the user name from the ticket but it was set to '?'. For example the xrootd log showed: xrdlog:121218 12:32:30 949 XrootdXeq: wilko.2367:21@host1 login as ? The problem was that in XrdSecProtocolkrb5::Authenticate() the call to pGuard.Valid() failed and it didn't get into the code path to extract the user name. The xrootd was running as a non-privileged user but it used krb_kt_uid=0 and that caused the Valid() function to fail (I believe because it tried to change the euid). The problem has been fixed in commit 031593e079d507058a133e030a200abf1c702cee by setting krb_kt_uid to the uid of the xrootd process or the uid of the keytab file user. The same is true for the gid. I hope this didn't break anything for setups that already worked (which I guess worked because xrootd was running as root). _______________________________________________________ Reply to this item at: <http://savannah.cern.ch/bugs/?99540> _______________________________________________ Message sent via/by LCG Savannah http://savannah.cern.ch/ ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1