My Oracle Support Banner

Sudo Does not Honor env_keep -="KRB5CCNAME" Variable after Dropping sudo Cache (Doc ID 2481085.1)

Last updated on FEBRUARY 24, 2019

Applies to:

Linux OS - Version Oracle Linux 6.1 to Oracle Linux 6.9 [Release OL6U1 to OL6U9]
Linux x86
Linux x86-64

Symptoms

Whenever below variable is added to /etc/sudoers:

Defaults env_keep -= "KRB5CCNAME"

And below test is being executed:

# sudo env | grep -i krb
#

It does not give any output for KRB ticket cache information which is correct.

But if sudo cache is dropped via command:

# sudo -k

And then again execute sudo env command - KRB ticket is displayed

#$ sudo env | grep -i krb
[sudo] password for <password>:
KRB5CCNAME=FILE:/tmp/krb5cc_1100283_asd832j

After again sudo env command is used - no KRB details are displayed

 $ sudo env | grep -i krb
 $ sudo env | grep -i krb
 $ sudo env | grep -i krb



Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.