RT/krbdev.mit.edu: Ticket #6803 Config variable for default ccache directory

RT/krbdev.mit.edu: Ticket #6803 Config variable for default ccache directory

Signed in as guest.
[Logout]

[Home]

[Search]

[Configuration]

[Display]

[History]

[Basics]

[Dates]

[People]

[Links]

[Jumbo]

The Basics

Id
6803

Status
open

Worked
0 min

Priority
0/0

Queue
krb5

Keyword Selections

Component	krb5-libs
Version_reported
Version_Fixed
Target_Version
Tags	enhancement

Relationships

Depends on:

Depended on by:

Parents:

Children:

Refers to:

Referred to by:

Dates

Created:	Fri Oct 15 00:40:05 2010
Starts:	Not set
Started:	Not set
Last Contact:	Fri Oct 15 03:01:02 2010
Due:	Not set
Updated:	Fri Oct 15 03:01:02 2010 by raeburn

People

Owner
Nobody
Requestors
ghudson@mit.edu
Cc

AdminCc

More about Greg Hudson

Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:

438: login.c uses wrong criteria to set KRB_ENVIRON (new)
575: SRVTAB and ANY keytab types (open)
785: srvtab resolution function is different from file one (new)
576: krb524d should prefer requesting address (new)
6200: Eliminate use of "unsafe" functions (open)
6641: Typed-in master passwords should use enctypes in K/M entry (new)
6782: Master KDC lookup can use SRV lookups despite profile KDC configuration (new)
6803: Config variable for default ccache directory (open)
6831: kadmin should use krb5int_locate_server, honor SRV records (open)
7004: get_creds should restore authdata for non-referral fallback (new)
7024: PAC resigning should support buffer resizing (open)
7044: gss_init_sec_context misbehaves on mismatched credentials (new)
7045: SPNEGO can't display mechanism errors (new)
7062: PKINIT pa_pk_as_req_draft9 encoding issues (open)
7071: PKINIT trusted_ca encoding issues (open)
7083: SPNEGO doesn't implement gss_inquire_cred_by_mech (open)
7090: krb5_gss_get_name_attribute minor cleanup issue (open)
7108: Move build system to top level (new)
7171: Multiple GSSAPI krb5 mechanism variants cause repeated operations (new)
7191: KDC should use encrypted-timestamp key for reply key (new)
7232: Confusing error message for key version mismatch (new)
7434: KDC always offers encrypted timestamp or challenge (open)
7526: "Invalid argument" error for nonexistent KDC hostname (new)
7549: KDC name type return issues (new)
7555: Fix is_referral flag in KDC TGS code (open)

History

Display mode: [Brief headers] [Full headers]

Fri Oct 15 00:40:05 2010	ghudson - Ticket created
Subject: Config variable for default ccache directory Currently the default ccache directory is hardcoded to be /tmp on Unix- like platforms: snprintf(name_buf, name_size, "FILE:/tmp/krb5cc_%ld", (long) getuid()); Zaar Hai has requested that this variable be configurable via krb5.conf. An example use case would be to choose a directory which is mounted on a memory filesystem (if for some reason /tmp needs to be on real disk), in order to ensure that ccaches do not survive a reboot. Mailing list thread at: http://mailman.mit.edu/pipermail/kerberos/2010-October/016634.html		Download (untitled) 537b
Fri Oct 15 03:01:02 2010	raeburn - Correspondence added
Subject: Re: [krbdev.mit.edu #6803] Config variable for default ccache directory From: Ken Raeburn <raeburn@MIT.EDU> Date: Fri, 15 Oct 2010 03:00:59 -0400 To: rt@krbdev.mit.edu RT-Send-Cc: Implementing this change would also be a good time to allow setting of the default ccache type -- or the default name-including-type, which is different -- so that a system can be switched to default to keyring ccaches, for example. A tougher one would be coming up with a mechanism to recommend for sshd, pam, login, and the like to use to generate a new ccache name with a system-wide default type specified in a config file, which may have different type-specific ways of incorporating pty names, session ids, randomly generated strings, etc. Currently, I believe changing the default ccache type for a system means hacking multiple remote- access programs separately? Ken		Download (untitled) 677b