[krbdev.mit.edu #3036] Feature Request 2a for 1.5 (or whatever)
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Mon May 2 13:31:11 EDT 2005

On May 2, 2005, at 12:34, "Henry B. Hotz" via RT wrote:
> Credential cache storage that goes away if you shut the machine down
> (or crash it).

Kind of like, oh, having the administrator put /tmp into a memory-based
file system?

I'd like to see us add a config-file option to specify the default
directory for credentials, so that a small memory file system could be
used for credentials without requiring that /tmp be that file system.
But not revealing the data after a crash could be tricky on some
systems, unless you do something like encrypting the file system in a
key stored in some magic place in the kernel that is guaranteed to be
wiped before the OS writes out a crash dump.

Aside from making some recommendations about file system setups, you're
basically asking us to invent OS-level functionality across
platforms....
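
An added example, not part of the original message or of the krb5 code: a check of whether a file-based credential cache sits on a memory-backed file system, which is the setup the reply above suggests. It assumes a Linux-style /proc/mounts table and the traditional /tmp/krb5cc_<uid> default; the function names and the sample mount table are constructed for illustration.

```python
import os

# Linux file system types held in memory. tmpfs pages can be swapped to disk
# under memory pressure; ramfs pages cannot.
MEMORY_FS = {"tmpfs": "in memory, may reach swap", "ramfs": "in memory, never swapped"}

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev 0 0
"""

def ccache_path(ccname, uid):
    """Map a KRB5CCNAME-style value to a path, or None if not file-backed."""
    if not ccname:
        return "/tmp/krb5cc_%d" % uid      # assumed traditional default
    if ccname.startswith("/"):
        return ccname                       # bare path is treated as FILE:
    kind, _, rest = ccname.partition(":")
    rest = rest.lstrip(":")                 # tolerate the DIR::path form
    return rest if kind.upper() in ("FILE", "DIR") and rest else None

def backing_fs(path, mounts_text):
    """Return (mount point, fstype) of the longest mount point containing path."""
    best = ("", None)
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt, fstype = fields[1], fields[2]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) >= len(best[0]):   # later entry wins on ties
            best = (mnt, fstype)
    return best

def assess(ccname, uid, mounts_text):
    """Return (path, fstype, verdict) for one credential cache setting."""
    path = ccache_path(ccname, uid)
    if path is None:
        return (None, None, "not a file or directory cache")
    _, fstype = backing_fs(os.path.normpath(path), mounts_text)
    return (path, fstype, MEMORY_FS.get(fstype, "not tmpfs or ramfs"))

if __name__ == "__main__":
    mounts = open("/proc/mounts").read() if os.path.exists("/proc/mounts") else SAMPLE_MOUNTS
    print(assess(os.environ.get("KRB5CCNAME"), os.getuid(), mounts))
```

The check matches path prefixes only and does not resolve symlinks, and a tmpfs verdict says nothing about swap or crash dumps, which is the harder problem the message raises.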