
Re: selinux policy for heimdal and krb5cc cache

> So the real question is, what part of the heimdal source can I 
> adapt to realize a credential cache in the users home dir? And is there 
> any chance this will be part of the next heimdal release until there is a 
> proper in memory credential cache?

I think $HOME is a bad place because $HOME is often shared (NFS, AFS) and
not as safe as local disk. What a good place is varies from installation
to installation. You may find a good place in /var/somewhere. If you want
to modify the initial value or default value of KRB5CCNAME, search for
'/tmp/krb5cc_' in the source. There is for example 
krb5_locl.h:#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}"
but the string is also in login.c, rshd.c ...
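
As an added illustration (not part of the original message and not Heimdal code), a login-time shell function can build a KRB5CCNAME value that points into a private per-user directory instead of /tmp or $HOME. The base directory argument and the `krb5cc_<uid>.d` layout are assumptions; the post only says "/var/somewhere", and the base should sit on local disk.

```shell
# Added example. private_ccname BASE prints a "FILE:" credential cache name
# under BASE for the calling user, or returns 1 if the per-user directory
# cannot be shown to be private. BASE and the directory layout are
# hypothetical; they are not Heimdal defaults.
private_ccname() {
    base=$1
    uid=$(id -u) || return 1
    dir="$base/krb5cc_$uid.d"

    # A pre-planted symlink could redirect the cache somewhere readable
    # by another user, so refuse it outright.
    if [ -L "$dir" ]; then
        echo "refusing symlink: $dir" >&2
        return 1
    fi

    # Create under a tight umask so the directory is never wider than 0700.
    if [ ! -d "$dir" ]; then
        (umask 077 && mkdir "$dir") || return 1
    fi

    # Numeric long listing: field 1 is the mode string, field 3 the owner uid.
    listing=$(ls -ldn "$dir") || return 1
    set -- $listing

    # The trailing * tolerates the "." or "+" that ls appends on systems
    # with SELinux contexts or ACLs.
    case $1 in
        drwx------*) ;;
        *) echo "unsafe mode $1 on $dir" >&2; return 1 ;;
    esac
    if [ "$3" != "$uid" ]; then
        echo "$dir is owned by uid $3, not $uid" >&2
        return 1
    fi

    printf 'FILE:%s/krb5cc_%s\n' "$dir" "$uid"
}

# Typical use from a login script (the base path is a placeholder):
#   KRB5CCNAME=$(private_ccname /var/PLACEHOLDER) && export KRB5CCNAME
```
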