Debra,
On 03/29/2013 04:07 PM, Debra S Baddorf wrote:
Amanda Users:
I've installed amanda v3.3.3 but am having trouble getting the auth "krb5"
version to work. Is anybody actually using it yet?
I'm not sure someone use it and I didn't tested it in many years.
I'm looking at a patch by Dustin from 2009-09-09
He changed
if (getuid() == 0) {
by
if (geteuid() == 0) {
Your fix is a good wokaround, or you can try to change the previous test.
Jean-Louis
When I run the xinetd as user=root it complains that
amcheck wants to be my dumpuser, operator. But it isn't happy running
xinetd as operator either.
I've manually moved the seteuid(0) paragraph in amandad.c
/* krb5 require the euid to be 0 */
if (strcasecmp(auth, "krb5") == 0) {
seteuid((uid_t)0);
}
so it's before the "if krb5 then you need to be root"
paragraph. That got me a little further. But now it complains that it isn't
being
UN-prived properly.
Manually adding setuid(11) and seteuid (11) (the id for my dumpuser,
operator)
at the tail end of common-src/krb5-security.c fixed the whole thing
AND AMCHECK AND ALSO AMDUMP WORK PERFECTLY.
But that's cheating, manually setting the UID downwards. Is it in the code
already,
proved by the fact that somebody else has got it to work? Or shall we continue
to poke around to find the proper way to down-set the UID, and then send it
in?
Deb Baddorf
Fermilab
PS googling for the error msgs I'm getting, makes me think that no one has
tried
this in a few years, and that they never resolved it either.
