Proposed new krb5 FILE ccache protocol

Russ Allbery eagle at
Tue Jan 28 23:41:43 EST 2014

Nico Williams <nico at> writes:

> The ancillary directory can be in $TMPDIR (we can assume at least /tmp),
> and the main file can be written by truncation as a fallback (with all
> the problems that that entails).

I'm dubious that the Kerberos libraries can safely assume that $TMPDIR or
/tmp are available.  Do they currently assume that somewhere?  (I'm
thinking of chroot cases, SELinux and other MAC use cases, jails,
namespace restrictions on Linux, etc.)

Russ Allbery (eagle at              <>

More information about the krbdev mailing list