https://bugzilla.novell.com/show_bug.cgi?id=216275 Summary: AUDIT-0: pam_krb5: check if the setuid/setgid checks can go away Product: openSUSE 10.2 Version: Beta 1 plus Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: security-team@suse.de ReportedBy: meissner@novell.com QAContact: qa@suse.de CC: mc@novell.com pam_krb5 has ticket refresh logic to be able to refresh krb5 tickets. this check logic apparently is protected by checks which check if the program is running setuid or setgid and does not refresh if this is the case. This was done by the author since he was unsure if his code is safe or not. This blocks the KDE screensaver from being able to refresh the KRB5 tickets. We should audit the code that does the ticket refresh if it is setuid root safe and allow the wrapper check to go away, so the KDE screensaver can refresh tickets. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.