Re: anybody USING the krb5 version?
Quoting Debra S Baddorf badd...@fnal.gov: The fix I just sent is much more elegant than I originally mentioned. I'm actually using the provided (symbol or variable) to set the user back to the proper client login (ie the non prived user) that you specified in your setup configuration files and/or compilation. Deb Baddorf Fermilab Looks good so far, it compiled without issues and amcheck works now. I will be going on vacation now, but will report back results when it has run through a proper backup. /Andreas
Re: anybody USING the krb5 version?
On Jun 9, 2013, at 10:23 AM, Andreas Sundstrom wrote: Manually adding setuid(11) and seteuid (11)(the id for my dumpuser, operator) at the tail end of common-src/krb5-security.c fixed the whole thing AND AMCHECK AND ALSO AMDUMP WORK PERFECTLY. Would you like to share more exactly where you put it? I'm trying to patch Debian's 3.3.1 version to work with krb5 now. But I have not figured out where to add the workaround for dropping root priv again. But that's cheating, manually setting the UID downwards. Is it in the code already, proved by the fact that somebody else has got it to work? Or shall we continue to poke around to find the proper way to down-set the UID, and then send it in? I understand that your fix probably can be considered a very ugly hack, but it would let me continue my upgrade to Debian Wheezy. I'm currently running 2.5.2p1 (from Debian Lenny) as that is what I last got it working with. A little help from a amanda developer to properly fix krb5 would be nice as well, since it is still stated as a supported feature. Thanks Andreas Sundstrom The fix I just sent is much more elegant than I originally mentioned. I'm actually using the provided (symbol or variable) to set the user back to the proper client login (ie the non prived user) that you specified in your setup configuration files and/or compilation. Deb Baddorf Fermilab
Re: anybody USING the krb5 version?
On 2013-03-30 00:07, Debra S Baddorf wrote:
Amanda Users:
I've installed amanda v3.3.3 but am having trouble getting the auth
krb5
version to work.Is anybody actually using it yet?
I am actually still using krb5 - and would like to continue to do so.
When I run the xinetd as user=root it complains that
amcheck wants to be my dumpuser, operator. But it isn't happy running
xinetd as operator either.
I've manually moved the seteuid(0)paragraph in amandad.c
/* krb5 require the euid to be 0 */
if (strcasecmp(auth, krb5) == 0) {
seteuid((uid_t)0);
}
so it's before the if krb5 then you need to be root
paragraph. That got me a little further. But now it complains that
it isn't being
UN-prived properly.
I got this far as well, thanks to your instructions.
Manually adding setuid(11) and seteuid (11)(the id for my
dumpuser, operator)
at the tail end of common-src/krb5-security.c fixed the whole thing
AND AMCHECK AND ALSO AMDUMP WORK PERFECTLY.
Would you like to share more exactly where you put it? I'm trying to
patch Debian's
3.3.1 version to work with krb5 now. But I have not figured out where to
add the
workaround for dropping root priv again.
But that's cheating, manually setting the UID downwards. Is it in
the code already,
proved by the fact that somebody else has got it to work? Or shall
we continue
to poke around to find the proper way to down-set the UID, and then
send it in?
I understand that your fix probably can be considered a very ugly hack,
but it would let
me continue my upgrade to Debian Wheezy. I'm currently running 2.5.2p1 (from
Debian Lenny) as that is what I last got it working with.
A little help from a amanda developer to properly fix krb5 would be nice
as well, since
it is still stated as a supported feature.
Thanks
Andreas Sundstrom
