Re: pam_krb5 and user logout

On Tue, Jan 29, 2002 at 01:37:21PM -0500, Mike Gerdts wrote:
> On Tue, 2002-01-29 at 13:04, Steve Langasek wrote:
> > On Tue, Jan 29, 2002 at 03:57:40PM -0200, Andreas Hasenack wrote:
> > > Any thoughts on having pam_krb5 or something else run kdestroy
> > > when the user logs out from the workstation?

> > It is essential that pam_krb5 do so.  In order to handle this cleanly, 
> > pam_krb5 should by default establish a ccache using mktemp() (or the
> > secure equivalent for a given platform) and store any credentials there, 
> > rather than trying to use a 'global' ccache such as /tmp/krb5cc_uid.  
> > This way, it's assured that any credentials in that ccache belong to the 
> > current session, and can be safely destroyed at logout.

> To make this work with Solaris with GSS-API'd file systems, how about
> the first login creates /tmp/krb5cc_uid and creates a hard link with a
> random name to that file.  Each subsequent login by the same user would
> add another hard link.  When logout happens, if nlink on /tmp/krb5cc_uid
> is 2, then it removes /tmp/krb5cc_uid and its private copy of it.  Else,
> it only removes its private copy.

It's not clear to me why Solaris needs the credentials to be in
/tmp/krb5cc_uid.  Does the Kerberos implementation used by Solaris not 
look to $KRB5CCNAME for the name of its ccache?  If that's the case, 
then certainly the scheme can be modified to accommodate special needs; 
the important thing is that credentials files are cleaned up when 
they're no longer used, rather than leaving them lying around on the 
filesystem.

Steve Langasek
postmodern programmer
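The scheme the thread converges on (a private, randomly named per-session ccache, plus Mike's hard-link reference count on the user-wide krb5cc_<uid> name so that consumers which ignore $KRB5CCNAME still find it) is spelled out below as an added example. It is illustration code written for this page, not pam_krb5's own implementation, and everything in it is an assumption: the function names, the `dir` parameter standing in for /tmp, the private file living in a mkdtemp() directory, and the demo routine. The two checks a practitioner would add are included: a pre-existing krb5cc_<uid> is reused only after lstat() confirms it is a regular 0600 file owned by the user (so a planted symlink is never followed), and at logout the shared name is removed only if it is still the same inode as the session's private link.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Name of the user-wide cache that KRB5CCNAME-unaware consumers expect. */
static void shared_name(char *buf, size_t len, const char *dir, uid_t uid)
{
    snprintf(buf, len, "%s/krb5cc_%lu", dir, (unsigned long)uid);
}

/* Reuse an existing krb5cc_<uid> only if it is a regular 0600 file owned by this uid. */
static int shared_is_trusted(const char *shared, uid_t uid)
{
    struct stat st;
    if (lstat(shared, &st) < 0) return -1;             /* never follows a symlink */
    if (!S_ISREG(st.st_mode) || st.st_uid != uid || (st.st_mode & 077)) return -1;
    return 0;
}

/* Session open: a random 0700 directory (mkdtemp) holds this session's ccache.
 * First login links it to the shared name; later logins relink the private
 * name to the existing shared inode.  Returns 0 and the private path in 'priv'. */
int ccache_session_open(const char *dir, uid_t uid, char *priv, size_t privlen)
{
    char shared[PATH_MAX], privdir[PATH_MAX];
    shared_name(shared, sizeof shared, dir, uid);
    snprintf(privdir, sizeof privdir, "%s/krb5cc_%lu_XXXXXX", dir, (unsigned long)uid);
    if (mkdtemp(privdir) == NULL) return -1;
    snprintf(priv, privlen, "%s/cc", privdir);
    int fd = open(priv, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) { rmdir(privdir); return -1; }
    close(fd);
    if (link(priv, shared) == 0) return 0;             /* first login */
    if (errno != EEXIST || shared_is_trusted(shared, uid) < 0) goto fail;
    /* privdir is ours and 0700, so nobody else can race this unlink/link pair. */
    if (unlink(priv) < 0 || link(shared, priv) < 0) goto fail;
    return 0;
fail:
    unlink(priv);
    rmdir(privdir);
    return -1;
}

/* Session close: drop the private link and its directory; drop the shared name
 * too when it is the same inode and we are its last user (nlink == 2). */
int ccache_session_close(const char *dir, uid_t uid, const char *priv)
{
    char shared[PATH_MAX], privdir[PATH_MAX];
    struct stat sp, ss;
    shared_name(shared, sizeof shared, dir, uid);
    if (lstat(priv, &sp) == 0 && lstat(shared, &ss) == 0 &&
        sp.st_dev == ss.st_dev && sp.st_ino == ss.st_ino && ss.st_nlink == 2)
        unlink(shared);
    int rc = unlink(priv);
    snprintf(privdir, sizeof privdir, "%s", priv);
    char *slash = strrchr(privdir, '/');
    if (slash) { *slash = '\0'; rmdir(privdir); }
    return rc;
}

/* Link count of the shared cache, or -1 when it does not exist. */
long ccache_shared_nlink(const char *dir, uid_t uid)
{
    char shared[PATH_MAX];
    struct stat st;
    shared_name(shared, sizeof shared, dir, uid);
    return lstat(shared, &st) == 0 ? (long)st.st_nlink : -1;
}

/* Two logins by the same uid, closed in order; returns 0 when every step behaved. */
int ccache_demo(void)
{
    char base[PATH_MAX], p1[PATH_MAX], p2[PATH_MAX];
    const char *tmp = getenv("TMPDIR");
    snprintf(base, sizeof base, "%s/ccdemo_XXXXXX", tmp ? tmp : "/tmp");
    if (mkdtemp(base) == NULL) return 1;              /* constructed stand-in for /tmp */
    uid_t uid = getuid();
    if (ccache_session_open(base, uid, p1, sizeof p1) < 0) return 2;
    if (ccache_shared_nlink(base, uid) != 2) return 3;
    if (ccache_session_open(base, uid, p2, sizeof p2) < 0) return 4;
    if (ccache_shared_nlink(base, uid) != 3) return 5;
    if (ccache_session_close(base, uid, p1) < 0) return 6;
    if (ccache_shared_nlink(base, uid) != 2) return 7; /* still in use by session 2 */
    if (ccache_session_close(base, uid, p2) < 0) return 8;
    if (ccache_shared_nlink(base, uid) != -1) return 9; /* last logout cleaned up */
    return rmdir(base) == 0 ? 0 : 10;                  /* nothing left behind */
}

int main(void) {
    int rc = ccache_demo();
    printf("ccache demo: %s (%d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

In a real PAM module the session-open step would also export the private path with pam_putenv(), e.g. "KRB5CCNAME=FILE:<priv>", and run as root, so `uid` must be the authenticated user's, not the caller's. The trade-off Mike's proposal implies is visible in the demo: while a second session of the same user is open, the first logout only drops its link, so tickets obtained in either session stay on disk until the last one ends; destroying the credentials themselves (the kdestroy step) belongs at that last close.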
