Fedora ticket cache location
Nico Williams
nico at cryptonector.com
Thu Jun 7 16:45:24 EDT 2012
On Thu, Jun 7, 2012 at 3:32 PM, Russ Allbery <rra at stanford.edu> wrote:
> Nico Williams <nico at cryptonector.com> writes:
>> On Thu, Jun 7, 2012 at 3:17 PM, Russ Allbery <rra at stanford.edu> wrote:
>
>>> I want to replace that hard-coded file location with something that
>>> respects the system configuration for where such ticket caches should
>>> be written. I think I need an interface where I pass in the user or
>>> the UID or the like and get back either a krb5_ccache or a cache
>>> identifier that I should use for a temporary ticket cache.
>
>> If you want to pass in a UID.. that's not portable (a username would be
>> OK though). And you'll probably also want to pass in a PID, PAG, ...
>> All not portable.
>
> I want a temporary ticket cache, so I'm not particularly interested in PID

That wasn't clear.

> or PAG for this particular purpose. You're going to hand me back a new
> unique cache and then I'll handle visibility from there. Although I
> realize I may need to give you a hint for keyring caches so that you can
> set up appropriate permissions.

The problem is that if you want NFS/AFS/SMB/... to know how to find
and use this temporary ccache... how will they do that? The
traditional answers have been:

- Solaris NFS -> use per-user default; no temp ccaches, sorry
- AFS -> set PAG, set tokens
- Linux NFS -> use keyrings(?)

I think in general when you say "temporary ccache" you want either a)
something that NFS/AFS/SMB won't use, or b) a new session so they can
find your credentials.

Nico