Proposed new krb5 FILE ccache protocol

Nico Williams nico at
Wed Jan 29 00:01:58 EST 2014

On Tue, Jan 28, 2014 at 10:41 PM, Russ Allbery <eagle at> wrote:
> Nico Williams <nico at> writes:
>> The ancillary directory can be in $TMPDIR (we can assume at least /tmp),
>> and the main file can be written by truncation as a fallback (with all
>> the problems that that entails).
> I'm dubious that the Kerberos libraries can safely assume that $TMPDIR or
> /tmp are available.  Do they currently assume that somewhere?  (I'm
> thinking of chroot cases, SELinux and other MAC use cases, jails,
> namespace restrictions on Linux, etc.)

Good question.  It's not about what POSIX says either.  All bets are
off with chroot (since it's up to who sets up the space to chroot
into).  As for jails and such, I very much expect them to have a /tmp
if they are to be general-purpose.


More information about the krbdev mailing list