Subject: Config variable for default ccache directory
Currently the default ccache directory is hardcoded to be /tmp on
Unix-like platforms:

    snprintf(name_buf, name_size, "FILE:/tmp/krb5cc_%ld", (long) getuid());

Zaar Hai has requested that this variable be configurable via krb5.conf.
An example use case would be to choose a directory which is mounted on a
memory filesystem (if for some reason /tmp needs to be on real disk), in
order to ensure that ccaches do not survive a reboot.

Mailing list thread at:

http://mailman.mit.edu/pipermail/kerberos/2010-October/016634.html

Subject: Re: [krbdev.mit.edu #6803] Config variable for default ccache directory
From: Ken Raeburn <raeburn@MIT.EDU>
Date: Fri, 15 Oct 2010 03:00:59 -0400
To: rt@krbdev.mit.edu
RT-Send-Cc:
Implementing this change would also be a good time to allow setting of the default ccache type -- or the default name-including-type, which is different -- so that a system can be switched to default to keyring ccaches, for example.

A tougher one would be coming up with a mechanism to recommend for sshd, pam, login, and the like to use to generate a new ccache name with a system-wide default type specified in a config file, which may have different type-specific ways of incorporating pty names, session ids, randomly generated strings, etc. Currently, I believe changing the default ccache type for a system means hacking multiple remote-access programs separately?

Ken
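
The configurable default discussed in this ticket, as an added C example that is not MIT krb5 code and not part of either message: a full default name including its type takes precedence, otherwise a configured directory replaces the hardcoded /tmp for FILE ccaches. The names struct cc_settings, default_name, ccache_dir and cc_default_name are hypothetical, and the sample values are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical settings, as if read from krb5.conf; the names are assumptions. */
struct cc_settings {
    const char *default_name; /* full name including type; NULL if unset */
    const char *ccache_dir;   /* directory for FILE ccaches; NULL if unset */
};

/* Write the default ccache name into buf; 0 on success, -1 on a bad setting or overflow. */
int cc_default_name(const struct cc_settings *s, long uid, char *buf, size_t size)
{
    const char *dir = "/tmp";   /* the current hardcoded default */
    size_t len;
    int n;

    if (s != NULL && s->default_name != NULL) {
        /* A full name must carry a non-empty type prefix such as FILE: or KEYRING:. */
        const char *colon = strchr(s->default_name, ':');
        if (colon == NULL || colon == s->default_name)
            return -1;
        n = snprintf(buf, size, "%s", s->default_name);
        return (n < 0 || (size_t)n >= size) ? -1 : 0;
    }
    if (s != NULL && s->ccache_dir != NULL)
        dir = s->ccache_dir;
    /* Refuse relative paths: the result would depend on the caller's cwd. */
    if (dir[0] != '/')
        return -1;
    /* Drop trailing slashes so "/dev/shm/" and "/dev/shm" give the same name. */
    len = strlen(dir);
    while (len > 1 && dir[len - 1] == '/')
        len--;
    n = snprintf(buf, size, "FILE:%.*s/krb5cc_%ld", (int)len, dir, uid);
    /* snprintf truncates silently; a truncated ccache path must be an error. */
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
    struct cc_settings s = { NULL, "/dev/shm/" };  /* constructed sample value */
    char name[256];
    if (cc_default_name(&s, (long)getuid(), name, sizeof(name)) == 0)
        puts(name);
    return 0;
}
```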