[X2Go-Dev] Bug#731: Bug#731: if KRB5CCNAME is not set client-side, don't trigger the KRB5 delegation code
Orion Poplawski
orion at cora.nwra.com
Wed Jan 18 21:17:05 CET 2017
On 01/09/2015 04:09 PM, Mike Gabriel wrote:
> Package: x2goclient
> Severity: important
> Version: 4.0.3.1
>
> If the $KRB5CCNAME envvar is not set, X2Go Client nonetheless tries to push
> the KRB5CCNAME file to the X2Go Server.
>
> This results in a Qt error message window, because the copy command (cp
> $KRB5CCNAME $KRBFL just before executing x2goruncommand) is only evoked with
> one parameter ($KRBFL, $KRB5CCNAME is unset).
>
> """
> x2go-DEBUG-../sshprocess.cpp:449> ssh finished: false - "cp: Fehlender
> ZieldateiOperand hinter /home/mike/.x2go/C-mike-52-1420843691_stDMATE_dp24/krb5cc
> cp --help liefert weitere Informationen.
> " (5).
> """
I'm not sure if any of this is necessary:
if(sshConnection->useKerberos() && sshConnection->get_kerberosDelegation())
{
krbFwString="KRB5CCNAME=`echo $KRB5CCNAME |sed 's/FILE://g'` \
KRBFL=$HOME/.x2go/C-"+resumingSession.sessionId+"/krb5cc ;\
cp -a $KRB5CCNAME $KRBFL;KRB5CCNAME=$KRBFL ";
}
I believe that SSH will handle the delegation of GSSAPI/Kerberos credentials.
In my case, I'm using the modern keyring credentials cache:
KRB5CCNAME=KEYRING:persistent:22603
so I get:
cp: cannot stat âKEYRING:persistent:22603:22603â: No such file or directory
however my credentials are present on the remote machine and I can get to them
if I unset KRB5CCNAME.
--
Orion Poplawski
Technical Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the x2go-dev
mailing list