On Tue, 2002-01-29 at 13:04, Steve Langasek wrote:
> On Tue, Jan 29, 2002 at 03:57:40PM -0200, Andreas Hasenack wrote:
> > Any thoughts on having pam_krb5 or something else run kdestroy
> > when the user logs out from the workstation?
>
> It is essential that pam_krb5 do so. In order to handle this cleanly,
> pam_krb5 should by default establish a ccache using mktemp() (or the
> secure equivalent for a given platform) and store any credentials there,
> rather than trying to use a 'global' ccache such as /tmp/krb5cc_uid.
> This way, it's assured that any credentials in that ccache belong to the
> current session, and can be safely destroyed at logout.

To make this work with Solaris with GSS-API'd file systems, how about the
first login creates /tmp/krb5cc_uid and creates a hard link with a random
name to that file. Each subsequent login by the same user would add another
hard link. When logout happens, if nlink on /tmp/krb5cc_uid is 2, then it
removes /tmp/krb5cc_uid and its private copy of it. Else, it only removes
its private copy.

Of course, this has to have some cooperation from things that may want to
update the credential cache with something like:

    open(/tmp/newfile)
    write(newfile, data)
    close(newfile)
    rename(/tmp/newfile, /tmp/oldfile)

Perhaps that last part is the deal breaker on this scheme.

Mike
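As an added illustration (not code from the thread or from pam_krb5), the C sketch below models the hard-link scheme Mike describes and then shows why a write-then-rename() refresh defeats its nlink accounting: after the rename, the shared name refers to a new inode with a link count of 1, so the last session to log out never sees nlink == 2 and the cache is left behind. The scratch directory, file names and the `scenario()` helper are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

/* Login: create the shared cache (stand-in for /tmp/krb5cc_uid) if needed,
   then add one hard link under a session-private name. */
static int session_login(const char *shared, const char *priv) {
    int fd = open(shared, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) return -1;
    close(fd);
    return link(shared, priv);          /* st_nlink of the shared inode grows by one */
}

/* Logout as described: nlink == 2 means this is the last session, so remove both
   names; otherwise drop only the private link. Returns 1 if the shared name went. */
static int session_logout(const char *shared, const char *priv) {
    struct stat st;
    if (stat(shared, &st) < 0) return -1;
    unlink(priv);
    if (st.st_nlink == 2) { unlink(shared); return 1; }
    return 0;
}

/* Refresh via write-temp-then-rename, the pattern the message flags: rename()
   makes `shared` a brand-new inode with nlink 1, while every private link still
   points at the old inode, so the logout check above can never fire again. */
static int refresh_by_rename(const char *shared) {
    char tmp[256];
    snprintf(tmp, sizeof tmp, "%s.new", shared);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, "refreshed\n", 10);
    close(fd);
    return n == 10 ? rename(tmp, shared) : -1;
}

/* Two sessions log in, optionally a refresh happens, both log out. Returns the link
   count left on the shared name: 0 means cleaned up, 1 means a leaked cache. */
static long scenario(int refresh) {
    char dir[] = "/tmp/cclinkXXXXXX", shared[256], a[256], b[256];   /* constructed scratch paths */
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(shared, sizeof shared, "%s/krb5cc", dir);
    snprintf(a, sizeof a, "%s/sessA", dir);
    snprintf(b, sizeof b, "%s/sessB", dir);
    session_login(shared, a);
    session_login(shared, b);
    if (refresh) refresh_by_rename(shared);
    session_logout(shared, a);
    session_logout(shared, b);
    long left = stat(shared, &st) == 0 ? (long)st.st_nlink : 0;
    unlink(shared); rmdir(dir);         /* scratch cleanup */
    return left;
}
```

`scenario(0)` returns 0 (both links and the shared name are gone), while `scenario(1)` returns 1: the renamed-in cache survives every logout, which is exactly the cooperation problem the message raises.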