RT/krbdev.mit.edu: Ticket #6803 Config variable for default ccache directory
The Basics
Id: 6803
Status: open
Worked: 0 min
Priority: 0/0
Queue: krb5

Keyword Selections
Component: krb5-libs
Tags: enhancement
Version_reported:
Version_Fixed:
Target_Version:

Dates
Created: Fri Oct 15 00:40:05 2010
Starts: Not set
Started: Not set
Last Contact: Fri Oct 15 03:01:02 2010
Due: Not set
Updated: Fri Oct 15 03:01:02 2010 by raeburn

People
Owner: Nobody
Requestors: ghudson@mit.edu
Cc:
AdminCc:

History

Fri Oct 15 00:40:05 2010  ghudson - Ticket created
Subject: Config variable for default ccache directory

Currently the default ccache directory is hardcoded to be /tmp on Unix-
like platforms:

    snprintf(name_buf, name_size, "FILE:/tmp/krb5cc_%ld", (long) getuid());

Zaar Hai has requested that this variable be configurable via krb5.conf.
An example use case would be to choose a directory which is mounted on a
memory filesystem (if for some reason /tmp needs to be on real disk), in
order to ensure that ccaches do not survive a reboot.

Mailing list thread at:

http://mailman.mit.edu/pipermail/kerberos/2010-October/016634.html


Fri Oct 15 03:01:02 2010  raeburn - Correspondence added
Subject: Re: [krbdev.mit.edu #6803] Config variable for default ccache directory 
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Fri, 15 Oct 2010 03:00:59 -0400
To: rt@krbdev.mit.edu
RT-Send-Cc: 

Implementing this change would also be a good time to allow setting of the default
ccache type -- or the default name-including-type, which is different -- so that a
system can be switched to default to keyring ccaches, for example.

A tougher one would be coming up with a mechanism to recommend for sshd, pam, login,
and the like to use to generate a new ccache name with a system-wide default type
specified in a config file, which may have different type-specific ways of
incorporating pty names, session ids, randomly generated strings, etc.  Currently, I
believe changing the default ccache type for a system means hacking multiple remote-
access programs separately?

Ken
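
An added example, not part of the ticket or of krb5: one way the ccache name could be built from a configurable directory, as the request above describes. The function names and the directory-safety policy are assumptions made for illustration; a NULL directory keeps the hardcoded /tmp behaviour.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical policy check (not krb5 code): may uid's ccache live in dir?
 * The directory must be absolute, owned by root or by uid, and if it is
 * group- or world-writable it must be sticky like /tmp, so that other users
 * cannot remove or replace the ccache file. */
static int ccache_dir_ok(const char *dir, uid_t uid)
{
    struct stat st;

    if (dir == NULL || dir[0] != '/')
        return 0;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0 && st.st_uid != uid)
        return 0;
    if ((st.st_mode & (S_IWGRP | S_IWOTH)) && !(st.st_mode & S_ISVTX))
        return 0;
    return 1;
}

/* Build "FILE:<dir>/krb5cc_<uid>". dir stands in for the requested krb5.conf
 * setting; NULL means unset and keeps the current hardcoded /tmp.
 * Returns 0 on success, -1 for a rejected directory or a truncated name. */
int build_default_ccname(char *buf, size_t size, const char *dir, uid_t uid)
{
    int n;

    if (dir != NULL && !ccache_dir_ok(dir, uid))
        return -1;
    n = snprintf(buf, size, "FILE:%s/krb5cc_%ld",
                 dir != NULL ? dir : "/tmp", (long)uid);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
    char name[256];

    /* Constructed sample input: a per-user runtime directory path. */
    if (build_default_ccname(name, sizeof(name), "/run/user/1000", getuid()) != 0)
        build_default_ccname(name, sizeof(name), NULL, getuid());
    printf("%s\n", name);
    return 0;
}
```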

