[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Freeipa-devel] logging in as different users?



On Fri, 2007-11-09 at 10:43 -0500, Simo Sorce wrote:
> On Fri, 2007-11-09 at 10:33 -0500, Karl MacMillan wrote:
> > On Fri, 2007-11-09 at 09:47 -0500, Rob Crittenden wrote:
> > > David O'Brien wrote:
> > > > More information:
> > > > 
> > > > I ssh'd to the server, ran kinit admin and browsed to the server using a
> > > > different Firefox profile. Got logged in as admin
> > > > 
> > > > A little while later (20mins) I closed the browser on the server itself,
> > > > reopened and connected again, and now it says logged in as admin.
> > > > 
> > > > So, I'm actually logged in to the IPA server as admin in two different
> > > > locations. Does this open up the potential for collisions or is it a
> > > > case of "First in is the winner"? What notification is there likely to
> > > > be?  I haven't tried anything yet...
> > > 
> > > It's fine and perfectly valid. With simultaneous record updates the last 
> > > one will win.
> > > 
> > 
> > Maybe I misread things, but it sounds a bit like firefox was keeping
> > tickets in memory allowing a user to auth after tickets were destroyed.
> > Or did I misread that?
> 
> I don't think this is possible, FF just uses the system libs and they
> don't do that.

Well something is happening - look at his first report:

I tried the following on the IPA server:

1. kinit admin (got ticket ok)
2. Browse to server, interact, add a user. (all ok)
3. kdestroy
4. kinit newuser (got ticket ok)
5. Browse to server, interact. ok
6. kdestroy
7. kinit admin (checked revised ticket, ok)
8. Browse to server. It still says I'm logged in as newuser domain

I tried refreshing, closing the browser, etc., but I seem to be stuck.

Could be server-side, could be user error, but something odd is going
on.

Karl


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]