[Spacewalk-list] NOCpulse::SetID

Miroslav Suchý msuchy at redhat.com
Fri Nov 20 16:07:13 UTC 2009


Marcus Moeller wrote:
> We have some problems with NOCpulse::SetID and Kerberos/LDAP 
> Authentication.
> 
> Our server is configured to allow uid <500 to be authenticated locally, 
> in /etc/pam.d/system-auth:
> 
> auth requisite pam_succeed_if.so uid >= 500 quiet
> 
> gogo.pl (which makes use of SetID) is started with nocpulse username as 
> parameter and the user id of nocpulse is 101 with gid 102. So, normally 
> the Kerberos/LDAP Servers should not be queried.
> 
> A simple su - nocpulse from commandline works fine, too.
> 
> Despite, from a gogo.pl strace, SetID is continuously trying to access 
> our LDAP servers
> 
> 10291 getsockname(5, {sa_family=AF_INET, sin_port=htons(47740), 
> sin_addr=inet_addr("xx.xx.xx.xx")}, [9583941490611060752]) = 0
> 10291 getpeername(5, {sa_family=AF_INET, sin_port=htons(389), 
> sin_addr=inet_addr("yy.yy.yy.yy")}, [68719476752]) = 0
> 
> Any idea?

I suppose the use of the getpwnam() function is responsible for these.


mail at marcus-moeller.de
-- 
Miroslav Suchy
Red Hat Satellite Engineering
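
getpwnam() resolves names through NSS (the passwd: line of /etc/nsswitch.conf) rather than through the PAM stack, so the pam_succeed_if rule quoted above plays no part in it. The following is an added example, not part of the original thread or of NOCpulse: a simplified Python model of which sources such a lookup contacts. The function names, nsswitch lines and account sets are constructed for illustration.

```python
# Added example: simplified model of how an NSS "passwd:" line is walked for a
# getpwnam()-style lookup. Config lines and account sets are constructed.
import re

DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_passwd_line(nsswitch_text):
    """Return [(source, {status: action})] from the passwd: line."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("passwd:"):
            continue
        sources = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("passwd:"):]):
            if not tok.startswith("["):
                sources.append((tok, dict(DEFAULTS)))
            elif sources:
                # [STATUS=action] modifies the source just before it
                # (negated "!STATUS" forms are not modelled here)
                for item in tok.strip("[]").split():
                    status, action = item.lower().split("=", 1)
                    sources[-1][1][status] = action
        return sources
    raise ValueError("no passwd: line found")

def sources_consulted(nsswitch_text, name, backends):
    """backends maps source -> set of names, or None if unreachable.
    Returns (sources queried in order, whether the name was found)."""
    queried = []
    for source, actions in parse_passwd_line(nsswitch_text):
        queried.append(source)
        users = backends.get(source)
        if users is None:
            status = "unavail"
        elif name in users:
            status = "success"
        else:
            status = "notfound"
        if actions[status] == "return":
            return queried, status == "success"
    return queried, False

# Constructed data: local accounts vs. directory accounts
BACKENDS = {"files": {"root", "nocpulse"}, "ldap": {"alice"}}

if __name__ == "__main__":
    for cfg in ("passwd: files ldap", "passwd: ldap files",
                "passwd: files [NOTFOUND=return] ldap"):
        for user in ("nocpulse", "no-such-user"):
            print(f"{cfg!r:42} {user:13}", sources_consulted(cfg, user, BACKENDS))
```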



