Quieten -Wall a bit.
From Joe Traister:
The previous patch did not propogate the KRBTKFILE environment variable
into the new environment when -l is given to su, making it impossible
for kdestroy to find the ticket file. This patch corrects that problem
as well as the original segfault problem.
(Fixes PR 3903)
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions. This ensures
that packets only leave the *authenticated* interface. Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos. krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.
Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
to the target login's shell. This allows for "su -c".
Do it right this time and also explain this behaviour in the man
page. :)
Obtained from: bsm's work in FreeBSD 1.1.5.1
to su to root by authenticating as themselves (using a password or S/Key)
rather than by using the root password. This is useful in contexts like
ours, where a large group of people need root access to a set of machines.
(However, the security implications are such that this should not be
enabled by default.)
The code is conditionalized on WHEELSU.
properly. I know, tcsh is not a "Real Shell".
jc p2 :0.0 Tue04PM - -u (tcsh)
^^^
7173 p2 S+ 0:01.33 -u (tcsh)
^^^
Submitted by: John Capo <jc@irbs.com>
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command. This only occurs when
linking statically.
- Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile,
and replace with MAKE_KERBEROS and MAKE_EBONES. (Far fewer contortions,
and both default to off.) IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY
DEFINE ONE OF THESE.
- Make Makefiles kerberos-aware.
