Fedora ticket cache location
Russ Allbery
rra at stanford.edu
Thu Jun 7 16:17:09 EDT 2012
Simo Sorce <simo at redhat.com> writes:
> I am not aware of any interface beyond krb5_cc_* and KRBCCNAME env vars.
> We've had some proposal to use references in the kernel keyring, but no
> firm plans. What kind of interface would you want to see ?
I'm not completely sure, but here's a typical sort of problem. krenew
contains the following code to isolate the user's ticket cache from their
session since it's normally used to run long-running jobs that continue
after the user has logged out:

    /*
     * Given the Kerberos context and a pointer to the ticket cache, copy that
     * ticket cache to a new cache and return a newly allocated string for the
     * name of the cache.
     */
    static char *
    copy_cache(krb5_context ctx, krb5_ccache *ccache)
    {
        krb5_error_code code;
        krb5_ccache old, new;
        krb5_principal princ = NULL;
        char *name;
        int fd;

        if (xasprintf(&name, "/tmp/krb5cc_%d_XXXXXX", (int) getuid()) < 0)
            die("cannot format ticket cache name");
        fd = mkstemp(name);
        if (fd < 0)
            sysdie("cannot create ticket cache file");
        if (fchmod(fd, 0600) < 0)
            sysdie("cannot chmod ticket cache file");
        code = krb5_cc_resolve(ctx, name, &new);
        if (code != 0)
            die_krb5(ctx, code, "error initializing new ticket cache");
        old = *ccache;
        /* ... */
        *ccache = new;
        return name;
    }

I want to replace that hard-coded file location with something that
respects the system configuration for where such ticket caches should be
written. I think I need an interface where I pass in the user or the UID
or the like and get back either a krb5_ccache or a cache identifier that I
should use for a temporary ticket cache.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
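
Added example, not part of the original message and not krenew or libkrb5 code: one narrow way to avoid the hard-coded /tmp is to create the private copy in the same directory as the cache the session already uses. The helper name sibling_cache_name is hypothetical, it assumes the existing cache name (for instance the value of KRB5CCNAME) is passed in, and it handles only FILE caches, returning NULL for any other type so the caller can fall back.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper.  Given an existing cache name, create a private
 * temporary file in the same directory.  Returns a newly allocated
 * "FILE:<path>" name and stores the open descriptor in *fd_out, or returns
 * NULL if the name is not an absolute FILE cache or the file is not private.
 */
char *
sibling_cache_name(const char *ccname, uid_t uid, int *fd_out)
{
    const char *path;
    char *name;
    size_t size;
    struct stat st;
    int dirlen, fd;

    if (ccname == NULL)
        return NULL;
    if (strncmp(ccname, "FILE:", 5) == 0)
        path = ccname + 5;
    else
        path = ccname;          /* a bare path is a FILE cache */
    if (path[0] != '/')
        return NULL;            /* KEYRING:, DIR:, MEMORY:, relative paths */
    dirlen = (int) (strrchr(path, '/') - path);
    size = (size_t) dirlen + 64;
    name = malloc(size);
    if (name == NULL)
        return NULL;
    snprintf(name, size, "FILE:%.*s/krb5cc_%ld_XXXXXX", dirlen, path,
             (long) uid);
    fd = mkstemp(name + 5);     /* O_EXCL create, fills in the XXXXXX */
    if (fd >= 0 && fchmod(fd, 0600) == 0 && fstat(fd, &st) == 0
        && st.st_uid == geteuid() && (st.st_mode & 077) == 0) {
        *fd_out = fd;
        return name;            /* suitable for krb5_cc_resolve() */
    }
    if (fd >= 0) {              /* created but not private: remove it */
        close(fd);
        unlink(name + 5);
    }
    free(name);
    return NULL;
}
```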