storing tickets in memory
Ken Raeburn
raeburn at MIT.EDU
Wed Jun 9 23:08:20 EDT 2004
On Jun 9, 2004, at 10:48, Adam Denenberg wrote:
> i am not on the list so please CC me in reply to the message. I am
> doing some kerberos research and I am trying to see if there is a way
> to
> store the ticket credentials cache in memory instead of a file in /tmp
> (for security reasons). Is this a configurable option and if so how?
I assume storing them in a ramdisk file (mounted on /tmp or elsewhere)
is not quite what you mean...
We have a memory ccache type which stores credentials in heap storage,
but that's useless if you need to access them from multiple processes.
At the moment, no, there's no other option, on UNIX. On Mac OS X and
Windows, we've got the capability of using interprocess communication
to contact a process which holds the credentials in memory. In the
Kerberos 4 code I think there are still bits of code for supporting the
use of shared-memory segments for credentials, but I have no idea if it
still works (we probably don't care much if it doesn't), and AFAIK no
one has done anything similar to krb5.
Ken
More information about the Kerberos
mailing list