Proposed new krb5 FILE ccache protocol
Russ Allbery
eagle at eyrie.org
Tue Jan 28 23:41:43 EST 2014
Nico Williams <nico at cryptonector.com> writes:
> The ancillary directory can be in $TMPDIR (we can assume at least /tmp),
> and the main file can be written by truncation as a fallback (with all
> the problems that that entails).
I'm dubious that the Kerberos libraries can safely assume that $TMPDIR or
/tmp are available. Do they currently assume that somewhere? (I'm
thinking of chroot cases, SELinux and other MAC use cases, jails,
namespace restrictions on Linux, etc.)
--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list