[32814] in Kerberos
Re: override default credentials cache file location
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Oct 14 15:13:16 2010
From: Greg Hudson <ghudson@mit.edu>
To: Zaar Hai <haizaar@gmail.com>
In-Reply-To: <AANLkTik44GKtwJBwysv8ONSeLdPQ-b+=SOO7U8qCHdmb@mail.gmail.com>
Date: Thu, 14 Oct 2010 15:13:09 -0400
Message-ID: <1287083589.19112.411.camel@ray>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Thu, 2010-10-14 at 06:26 -0400, Zaar Hai wrote:
> I've thought of making default cache location to be
> /var/cars/krb5ccache which will be mounted to RAM, making above
> scenario much harder to execute.
Unfortunately, this appears to be hardcoded:
snprintf(name_buf, name_size, "FILE:/tmp/krb5cc_%ld", (long) getuid());
As Chris Ward points out, $KRB5CCNAME determines the default ccache
location on a per-process basis. If you're using pam_krb5, it will
typically set KRB5CCNAME for the login system, and you should be able to
instruct it to put the ccache somewhere other than /tmp; consult the
pam_krb5 man page on your system for details.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
