[PATCH] Bug#1780 smbspool can't use kerberos authentication
Gerald (Jerry) Carter
jerry at samba.org
Mon May 9 14:48:58 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rodrigo Fernandez-Vizarra wrote:
| Attached you will find two patches.
|
| The first one samba3-smbspool-krb.patch allows
| the smbspool cups backend to use the kerberos credentials
| of the user who issued the print job.
|
| The second one does the same but also works in those
| systems, as SuSE SLES 9.0 where root processes are
| not allowed to read user kerberos ticket
| cache (don't know if this is a bug or a feature).
|
| Of course, for this patch to work you have to have
| a kerberos ticket available ( kinit, or pam_krb5 configured).
|
| It first try to use the username:password (if any )
| encoded in the DEVICE_URL, if it fails it tries to use
| kerberos, if that fails tries an anonymous authentication.
|
| Any feedback will be welcomed.
Rodrigo,
I'm trying to remember the original discussions
we had so I can check this patch in. What was the
drawback (if any) of using the second patch?
- --- smbspool.c.krb5 2005-05-09 08:36:58.857396000 -0500
+++ smbspool.c.setuid 2005-05-09 08:37:33.095806000 -0500
@@ -408,6 +408,13 @@
~ return NULL;
~ }
~ free(cache_file);
+
+ /*
+ * Change the UID of the process to be able to read the kerberos
+ * ticket cache
+ */
+ setuid(passwd.pw_uid);
+
~ }
cheers, jerry
=====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCf3haIR7qMdg1EfYRAgibAKDTr6Me+fBO20G495igLmI77Zrd6wCfQpKN
F6RrWJBnu1bof7xfmcxTnC0=
=oPIX
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list