kinit error with systemd

Simo Sorce simo at redhat.com
Thu Oct 10 16:45:05 EDT 2013


On Mon, 2013-10-07 at 10:16 +0200, steve wrote:
> On Sun, 2013-10-06 at 12:37 -0400, Greg Hudson wrote:
> > On 10/06/2013 06:18 AM, steve wrote:
> > > Thanks. It works fine. Just a pity that something like this had to
> > > change. It worked fine when the cache was created in /tmp.
> > 
> > The upstream default is still /tmp/krb5cc_%{uid}.  In 1.11 we added the 
> > ability to change the default ccache name, either at build time or in 
> > /etc/krb5.conf.  I wasn't aware that OpenSUSE had started doing this in 
> > their build, but it's not entirely surprising given that they use 
> > systemd.  You should be able to change it back in krb5.conf if you prefer:
> > 
> >      [libdefaults]
> >          default_ccache_name = /tmp/krb5cc_%{uid}
> > 
> > We're aware of the unfortunate corner cases which result from using a 
> > systemd per-user temporary directory as the default.  For 1.12, Simo 
> > Sorce and I have done some work on the KEYRING ccache type which, in 
> > combination with some new kernel features, should make it a reasonable 
> > choice for a per-user default.  Obviously, that only helps on Linux, so 
> > we don't consider it a complete solution.  In the longer term, we hope 
> > to introduce a daemon-backed ccache type (like Kerberos for Windows' 
> > CCAPI or Heimdal's KCM) which can work on all Unix-like platforms.
> > 
> 
> Hi
> Thanks for the info. I don't know whether openSUSE have this in mind but
> your solution does indeed solve the problem.
> 
> I wonder if systemd has an official way of doing this?

systemd developers made it quite clear that the XDG_RUNTIME_DIR directory
is created after some of the PAM modules are run and not created at all in
some cases (sudo su without -i/-l at least), which is why we are working
on a Keyring based solution for now.

Simo.

> To try and get an
> official openSUSE slant on this, we've opened a bugzilla:
> https://bugzilla.novell.com/show_bug.cgi?id=844198
> 


-- 
Simo Sorce * Red Hat, Inc * New York
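
Added example, not part of the original thread and not MIT krb5 code: a small diagnostic for the failure discussed above, where a file-backed default ccache points into a per-user directory that does not exist for the session. Assumptions: only the %{uid} expansion quoted in the thread is handled, the library is assumed not to create the parent directory, and the DIR: and KEYRING: values below are constructed samples.

```python
import os
import re
import stat
import tempfile

def expand_ccache_name(template, uid):
    """Expand %{uid} and split 'TYPE:residual'; a bare path means FILE."""
    name = template.replace("%{uid}", str(uid))
    m = re.match(r"^([A-Za-z][A-Za-z0-9_]*):(.*)$", name)
    if m:
        return m.group(1), m.group(2)
    return "FILE", name

def check_ccache(template, uid):
    """Return (type, residual, status) for a default_ccache_name value."""
    cctype, residual = expand_ccache_name(template, uid)
    if cctype not in ("FILE", "DIR"):
        # e.g. KEYRING: nothing on the filesystem to verify
        return cctype, residual, "not-file-backed"
    # Assumption: the directory that must already exist is the parent.
    parent = os.path.dirname(residual.rstrip("/")) or "."
    try:
        st = os.stat(parent)
    except (FileNotFoundError, NotADirectoryError):
        # The case from the thread: runtime directory never created.
        return cctype, residual, "parent-missing"
    if not stat.S_ISDIR(st.st_mode):
        return cctype, residual, "parent-not-a-directory"
    # A world-writable parent without the sticky bit lets other users
    # remove or replace the cache file.
    if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
        return cctype, residual, "parent-world-writable-no-sticky"
    return cctype, residual, "ok"

if __name__ == "__main__":
    uid = os.getuid()
    samples = [
        "/tmp/krb5cc_%{uid}",           # upstream default quoted above
        "DIR:/run/user/%{uid}/krb5cc",  # constructed per-user runtime dir value
        "KEYRING:persistent:%{uid}",    # constructed keyring value
    ]
    for template in samples:
        print(template, "->", check_ccache(template, uid))
```

Run it as the affected user in both a normal login and a "sudo su" session to compare the results.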