storing tickets in memory

Ken Raeburn raeburn at MIT.EDU
Wed Jun 9 23:08:20 EDT 2004

On Jun 9, 2004, at 10:48, Adam Denenberg wrote:
>  i am not on the list so please CC me in reply to the message.  I am
> doing some kerberos research and I am trying to see if there is a way 
> to
> store the ticket credentials cache in memory instead of a file in /tmp
> (for security reasons).  Is this a configurable option and if so how?

I assume storing them in a ramdisk file (mounted on /tmp or elsewhere) 
is not quite what you mean...

We have a memory ccache type which stores credentials in heap storage, 
but that's useless if you need to access them from multiple processes.

At the moment, no, there's no other option, on UNIX.  On Mac OS X and 
Windows, we've got the capability of using interprocess communication 
to contact a process which holds the credentials in memory.  In the 
Kerberos 4 code I think there are still bits of code for supporting the 
use of shared-memory segments for credentials, but I have no idea if it 
still works (we probably don't care much if it doesn't), and AFAIK no 
one has done anything similar to krb5.


More information about the Kerberos mailing list