On Thu, Apr 19, 2001 at 11:09:22AM -0500, Steve Langasek wrote:
> On Wed, 18 Apr 2001, Nicolas Williams wrote:
>
> Choose a secure default value for the cache permissions, yes. If there's no
> associated local user, give the cache file mode 0600 and leave it owned by the
> euid of the application.

Doesn't the krb5 cc lib do that already?

> Suppose I have a web application that does Kerberos+AFS authentication using
> PAM. The webserver is never going to have sufficient permissions to chown
> the file anyway, so having a local user associated with the Kerberos principal
> isn't terribly important; but having pam_sm_setcred() correctly create &
> destroy the ccache makes all the difference if the web app tries to access
> AFS.

Right.

> > I think we might want to make such behaviour optional.
>
> Too many options :) Is there ever a case where doing setcred() for a
> non-local user and just not chowning the cache would be detrimental to
> security?

:) Ok. If setcred() gets called it means the app wants to init creds
even though there's no Unix user -- the sysadmin can always specify the
noccache option with such services.

[...]

> Steve Langasek
> postmodern programmer

Nico
--