[PATCHSET] add support for DIR: based credential caches

Guenther Deschner gd at samba.org
Tue Jul 23 07:31:08 MDT 2013


Hi Jeremy,

On 22/07/13 21:57, Jeremy Allison wrote:
> On Mon, Jul 22, 2013 at 02:03:44PM +0200, Guenther Deschner wrote:
>> Hi,
>> 
>> attached find some patches to add support for DIR: based krb5
>> credential caches in kerberized pam_winbind logons. The
>> pam_winbind.conf configuration file now also allows to define
>> custom patterns for DIR: and FILE: paths including numeric uid
>> substitution using "%u".
> 
> This:
> 
>> +             if (strequal(type, "DIR")) { +
>> gen_cc = talloc_asprintf( +                             mem_ctx,
>> "DIR:/run/user/%d/krb5cc", uid); +             }
> 
> Looks rather Linux-only'ish :-).
> 
> Is there an alternative/parameterization for other systems ?

What do you mean ? The patchset also includes code to allow things
like "krb5_ccache_type = DIR:/any/other/directory/%u/ccache" in
/etc/security/pam_winbind.conf.

Should we make the shortcut via just "DIR" also changeable via configure ?


Thanks,
Guenther
-- 
Günther Deschner                    GPG-ID: 8EE11688
Red Hat                         gdeschner at redhat.com
Samba Team                              gd at samba.org


More information about the samba-technical mailing list