From unknown Thu Mar 28 21:40:48 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#731: if KRB5CCNAME is not set client-side, don't trigger the KRB5 delegation code Reply-To: Mike Gabriel , 731@bugs.x2go.org Resent-From: Mike Gabriel Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Fri, 09 Jan 2015 23:10:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: report 731 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: Received: via spool by submit@bugs.x2go.org id=B.14208449575074 (code B); Fri, 09 Jan 2015 23:10:01 +0000 Received: (at submit) by bugs.x2go.org; 9 Jan 2015 23:09:17 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id DFE485DEAA for ; Sat, 10 Jan 2015 00:09:15 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id 91036329A for ; Sat, 10 Jan 2015 00:09:15 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id 85B5F3C841 for ; Sat, 10 Jan 2015 00:09:15 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tG+Tv0xvjbvZ for ; Sat, 10 Jan 2015 00:09:15 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 4FD0C3B9F8 for ; Sat, 10 Jan 2015 00:09:15 +0100 (CET) Received: from bifrost.das-netzwerkteam.de (bifrost.das-netzwerkteam.de [178.62.101.154]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Fri, 09 Jan 2015 23:09:15 +0000 Date: Fri, 09 Jan 2015 23:09:15 +0000 Message-ID: <20150109230915.Horde.hJBgffJkVdw_BXnxyAtfUQ1@mail.das-netzwerkteam.de> From: Mike Gabriel To: submit@bugs.x2go.org User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 178.62.101.154 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Iceweasel/32.0 Content-Type: multipart/signed; boundary="=_Qpcd5HiOXWFBDDXHjVdMMA1"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_Qpcd5HiOXWFBDDXHjVdMMA1 Content-Type: text/plain; charset=utf-8; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Package: x2goclient Severity: important Version: 4.0.3.1 If the $KRB5CCNAME envvar is not set, X2Go Client nonetheless tries to=20= =20 push=20the KRB5CCNAME file to the X2Go Server. This results in a Qt error message window, because the copy command=20=20 (cp=20$KRB5CCNAME $KRBFL just before executing x2goruncommand) is only=20= =20 evoked=20with one parameter ($KRBFL, $KRB5CCNAME is unset). """ x2go-DEBUG-../sshprocess.cpp:449> ssh finished: false - "cp: Fehlender=20= =20 ZieldateiOperand=20hinter=20=20 /home/mike/.x2go/C-mike-52-1420843691_stDMATE_dp24/krb5cc cp=20--help liefert weitere Informationen. " (5). """ Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_Qpcd5HiOXWFBDDXHjVdMMA1 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJUsF+bAAoJEJr0azAldxsx/S4P/1IeitBHvzkk08w3tpRO/6BH 7u7m8/6Z1/XC+H9HQqW7SkPLmlSQ/Va8mV0tD0MclkK0ekPDXS9K1LaFKASBi3Hz eNQlj824f+NGjnfdPArxzByO1msxiaXi7sqwA5es6eMnCE67F7Ndk4H7/GTAssFK JoHDdVvUIoKUmMoS+QwpGobbSpdmtHDAf2jjxAb1pKopuXzlshdWu6p/F7NFwXuQ vxrP4oBCzg3CgLw2Gxjl9oXrNeSXjI+k4460BJ0JDWQbJCkuaVC52guIJWjG07St 1aE9xxPwFWtilEd0qBoFc78O5YnrZM/8CvEpRe/oqav96I8OuB3uFzephhy5SjWC Ihm8Uij71ZYdsyZEhnoe8mLA/gGPVmzAhvvlMW1LUaqjcbmC5p+jD1ECvWuyu8QM AI5QbZt1seVTmk6UIGdnIl9FQ08tEwhRAa8Iy+CgYtS21kHM/lLX0Ref8BSUkfxX pNN/6yzHpo2kdrsAwq9e55GDQu3QBht4nPJUirQw1/MolQ0YTqCu1T0RdLWhl3Rb PphYhz/yudVBKEAyyr/hhXnu8zH3PbhX4yqs1chCSUzSbjovwiEhuD8cM7AMGfTy dLdiKcIHUcCCV2gfOrsxiUMMxvmnXxWItViTa0SHT3gsfJoENGjLDwI9HHubutXY ajCkt9aOscN+/fTL5Puw =JH+n -----END PGP SIGNATURE----- --=_Qpcd5HiOXWFBDDXHjVdMMA1-- From unknown Thu Mar 28 21:40:48 2024 X-Loop: owner@bugs.x2go.org Subject: Bug#731: [X2Go-Dev] Bug#731: if KRB5CCNAME is not set client-side, don't trigger the KRB5 delegation code Reply-To: Orion Poplawski , 731@bugs.x2go.org Resent-From: Orion Poplawski Resent-To: x2go-dev@lists.x2go.org Resent-CC: X2Go Developers X-Loop: owner@bugs.x2go.org Resent-Date: Wed, 18 Jan 2017 20:20:01 +0000 Resent-Message-ID: Resent-Sender: owner@bugs.x2go.org X-X2Go-PR-Message: followup 731 X-X2Go-PR-Package: x2goclient X-X2Go-PR-Keywords: Received: via spool by 731-submit@bugs.x2go.org id=B731.148477064028079 (code B ref 731); Wed, 18 Jan 2017 20:20:01 +0000 Received: (at 731) by bugs.x2go.org; 18 Jan 2017 20:17:20 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=3.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from localhost (localhost [127.0.0.1]) by ymir.das-netzwerkteam.de (Postfix) with ESMTP id E504F3CDDB for <731@bugs.x2go.org>; Wed, 18 Jan 2017 21:17:17 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at ymir.das-netzwerkteam.de Received: from ymir.das-netzwerkteam.de ([127.0.0.1]) by localhost (ymir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JD9NjsI9WWYa for <731@bugs.x2go.org>; Wed, 18 Jan 2017 21:17:09 +0100 (CET) Received: from mail.nwra.com (mail.nwra.com [72.52.192.72]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id E38983CDDA for <731@bugs.x2go.org>; Wed, 18 Jan 2017 21:17:08 +0100 (CET) Received: from barry.cora.nwra.com (inferno.cora.nwra.com [208.187.183.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.nwra.com (Postfix) with ESMTPS id 10A983406A0; Wed, 18 Jan 2017 12:17:06 -0800 (PST) To: Mike Gabriel , 731@bugs.x2go.org References: <20150109230915.Horde.hJBgffJkVdw_BXnxyAtfUQ1@mail.das-netzwerkteam.de> From: Orion Poplawski Message-ID: Date: Wed, 18 Jan 2017 13:17:05 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0 MIME-Version: 1.0 In-Reply-To: <20150109230915.Horde.hJBgffJkVdw_BXnxyAtfUQ1@mail.das-netzwerkteam.de> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit On 01/09/2015 04:09 PM, Mike Gabriel wrote: > Package: x2goclient > Severity: important > Version: 4.0.3.1 > > If the $KRB5CCNAME envvar is not set, X2Go Client nonetheless tries to push > the KRB5CCNAME file to the X2Go Server. > > This results in a Qt error message window, because the copy command (cp > $KRB5CCNAME $KRBFL just before executing x2goruncommand) is only evoked with > one parameter ($KRBFL, $KRB5CCNAME is unset). > > """ > x2go-DEBUG-../sshprocess.cpp:449> ssh finished: false - "cp: Fehlender > ZieldateiOperand hinter /home/mike/.x2go/C-mike-52-1420843691_stDMATE_dp24/krb5cc > cp --help liefert weitere Informationen. > " (5). > """ I'm not sure if any of this is necessary: if(sshConnection->useKerberos() && sshConnection->get_kerberosDelegation()) { krbFwString="KRB5CCNAME=`echo $KRB5CCNAME |sed 's/FILE://g'` \ KRBFL=$HOME/.x2go/C-"+resumingSession.sessionId+"/krb5cc ;\ cp -a $KRB5CCNAME $KRBFL;KRB5CCNAME=$KRBFL "; } I believe that SSH will handle the delegation of GSSAPI/Kerberos credentials. In my case, I'm using the modern keyring credentials cache: KRB5CCNAME=KEYRING:persistent:22603 so I get: cp: cannot stat âKEYRING:persistent:22603:22603â: No such file or directory however my credentials are present on the remote machine and I can get to them if I unset KRB5CCNAME. -- Orion Poplawski Technical Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@nwra.com Boulder, CO 80301 http://www.nwra.com