On Tue, Jan 29, 2002 at 03:57:40PM -0200, Andreas Hasenack wrote: > Any thoughts on having pam_krb5 or something else run kdestroy > when the user logouts from the workstation? It is essential that pam_krb5 do so. In order to handle this cleanly, pam_krb5 should by default establish a ccache using mktemp() (or the secure equivalent for a given platform) and store any credentials there, rather than trying to use a 'global' ccache such as /tmp/krb5cc_uid. This way, it's assured that any credentials in that ccache belong to the current session, and can be safely destroyed at logout. Steve Langasek postmodern programmer
