[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: selinux policy for heimdal and krb5cc cache

To: mivz@alpha.spugium.net
Subject: Re: selinux policy for heimdal and krb5cc cache
From: Harald Barth <haba@pdc.kth.se>
Date: Tue, 21 Mar 2006 14:28:23 +0100 (MET)
Cc: heimdal-discuss@sics.se
In-Reply-To: <441FE011.9030004@alpha.spugium.net>
References: <441F0C39.4030704@alpha.spugium.net><20060321.112846.69972692.haba@habarber.pdc.kth.se><441FE011.9030004@alpha.spugium.net>
Sender: owner-heimdal-discuss@sics.se


> So what the real question is, what part of the heimdal source can I 
> adapt to realize a credential cache in the users home dir? And is there 
> any chance this wil be part of the next heimdal release until there is a 
> proper in memory credential cache?

I think $HOME is a bad place because $HOME is often shared (NFS, AFS) and
not as safe as local disk. What a good place is varies from installaton
to installation. You may find a good place in /var/somewhere. If you want
to modify the initial value or default value of KRB5CCNAME, search for
'/tmp/krb5cc_' in the source. There is for example 
krb5_locl.h:#define KRB5_DEFAULT_CCNAME "FILE:/tmp/krb5cc_%{uid}"
but the sting is also in login.c, rshd.c ...

Harald.

References:
- Re: selinux policy for heimdal and krb5cc cache
  - From: Mivz <mivz@alpha.spugium.net>
- Re: selinux policy for heimdal and krb5cc cache
  - From: Harald Barth <haba@pdc.kth.se>
- Re: selinux policy for heimdal and krb5cc cache
  - From: Mivz <mivz@alpha.spugium.net>

Prev by Date: From:Mrs.Anita Beck.
Next by Date: Re: krb5_mk_req is returning some weird krb5 error.
Prev by thread: Re: selinux policy for heimdal and krb5cc cache
Next by thread: Re: selinux policy for heimdal and krb5cc cache
Index(es):
- Date
- Thread