NOT APPROVED: keychain
Ville Skyttä
ville.skytta at iki.fi
Tue Aug 16 19:31:14 UTC 2005

On Tue, 2005-08-16 at 15:25 +0200, Alexander Dalloz wrote:
> On Fri, 05.08.2005 at 13:56, Ville Skyttä wrote:
>
> > I noticed a problem with the opt-in mechanism in the keychain package.
> > When a user who has done the opt-in and has such a ssh-agent running
> > runs "sudo -s", a new keychain/ssh-agent appears to be executed as root,
> > but using the original user's keys. This does not happen if I use the
> > old way of stuffing the commands from the man page to ~/.bash_profile.
> > Plain "su" or "su -" seem to behave as expected, no matter if the
> > ~/.keychainrc or ~/.bash_profile way is being used.
>
> Ville,
>
> Sorry to reply so late - I am actually very busy.

NP, we all are sometimes.

> So my proposal is the following:

Just from reading it, makes sense to me. Go ahead and commit this to
CVS and I'll test some more. A few remarks:

> USERID=`id -un`

There's also $USER, but I don't know how portable that is.

> if [ $HOME == "$USERHOME" -a -f $HOME/.keychainrc ]; then

AFAIK "==" in comparisons like this is not portable; at least it doesn't
seem to work in zsh. Use "=" instead?

> I am a bit unsure whether we can catch
> all possible configurations (what about users stored in LDAP?)

I think "getent passwd" should return users from LDAP, too.

> - but in doubt the opt-in script will simply not run.

Good.
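
The check discussed in this message, written out as an added example (it is not code from the thread or from the keychain package): a POSIX sh guard that compares `$HOME` with the effective user's passwd home and fails closed when the lookup returns nothing. The function names are hypothetical, and taking the home directory from `getent passwd` is an assumption based on the remark above.

```shell
# Added example; function names are hypothetical, not keychain's own.

# Name of the user the shell is running as (root after "sudo -s").
effective_user() {
    id -un
}

# Home directory recorded for user $1 in the passwd database.
# getent goes through NSS, so LDAP-backed accounts resolve as well.
passwd_home() {
    getent passwd "$1" 2>/dev/null | cut -d: -f6
}

# Return 0 only when the opt-in may run for the current shell.
# $1 is the HOME value to check (defaults to the environment's $HOME).
optin_allowed() {
    home=${1-$HOME}
    user=$(effective_user) || return 1
    userhome=$(passwd_home "$user")

    # Lookup failed or returned nothing: fail closed, do not run.
    [ -n "$userhome" ] || return 1

    # After "sudo -s", HOME can still point at the invoking user's
    # directory while the effective user is root. The mismatch keeps
    # root's shell away from that user's ~/.keychainrc and keys.
    # "=" is the POSIX string comparison; "==" is not portable.
    [ "$home" = "$userhome" ] || return 1

    # Opt-in file must exist in the verified home directory.
    [ -f "$home/.keychainrc" ]
}

# Typical use from a profile script:
#   if optin_allowed; then <start keychain here>; fi
```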