[PATCH] Bug#1780 smbspool can't use kerberos authentication

Gerald (Jerry) Carter jerry at samba.org
Mon May 9 14:48:58 GMT 2005

Hash: SHA1

Rodrigo Fernandez-Vizarra wrote:

| Attached you will find two patches.
| The first one samba3-smbspool-krb.patch allows
| the smbspool cups  backend to use the kerberos credentials
| of the user who issued the print job.
| The second one does the same but also works in those
| systems, as SuSE  SLES 9.0 where root processes are
| not allowed to read user kerberos  ticket
| cache (don't know if this is a bug or a feature).
| Of course, for this patch to work you have to have
| a kerberos ticket available ( kinit, or pam_krb5 configured).
| It first try to use the username:password (if any )
| encoded in the  DEVICE_URL, if it fails it tries to use
| kerberos, if that fails tries an anonymous authentication.
| Any feedback will be welcomed.


I'm trying to remember the original discussions
we had so I can check this patch in.  What was the
drawback (if any) of using the second patch?

- --- smbspool.c.krb5     2005-05-09 08:36:58.857396000 -0500
+++ smbspool.c.setuid   2005-05-09 08:37:33.095806000 -0500
@@ -408,6 +408,13 @@
~       return NULL;
~     }
~     free(cache_file);
+    /*
+     * Change the UID of the process to be able to read the kerberos
+     * ticket cache
+     */
+    setuid(passwd.pw_uid);
~   }

cheers, jerry
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back."     Ethan Hawk in Gattaca
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba-technical mailing list