Re: pam_krb5 and user logout

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jan 29, 2002 at 03:57:40PM -0200, Andreas Hasenack wrote:
> Any thoughts on having pam_krb5 or something else run kdestroy
> when the user logouts from the workstation?

It is essential that pam_krb5 do so.  In order to handle this cleanly, 
pam_krb5 should by default establish a ccache using mktemp() (or the
secure equivalent for a given platform) and store any credentials there, 
rather than trying to use a 'global' ccache such as /tmp/krb5cc_uid.  
This way, it's assured that any credentials in that ccache belong to the 
current session, and can be safely destroyed at logout.

Steve Langasek
postmodern programmer





[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux