[PATCHSET] add support for DIR: based credential caches
Andrew Bartlett
abartlet at samba.org
Tue Jul 23 13:58:34 MDT 2013
On Tue, 2013-07-23 at 15:31 +0200, Guenther Deschner wrote:
> Hi Jeremy,
>
> On 22/07/13 21:57, Jeremy Allison wrote:
> > On Mon, Jul 22, 2013 at 02:03:44PM +0200, Guenther Deschner wrote:
> >> Hi,
> >>
> >> attached find some patches to add support for DIR: based krb5
> >> credential caches in kerberized pam_winbind logons. The
> >> pam_winbind.conf configuration file now also allows to define
> >> custom patterns for DIR: and FILE: paths including numeric uid
> >> substitution using "%u".
> >
> > This:
> >
> >> + if (strequal(type, "DIR")) { +
> >> gen_cc = talloc_asprintf( + mem_ctx,
> >> "DIR:/run/user/%d/krb5cc", uid); + }
> >
> > Looks rather Linux-only'ish :-).
> >
> > Is there an alternative/parameterization for other systems ?
>
> What do you mean ? The patchset also includes code to allow things
> like "krb5_ccache_type = DIR:/any/other/directory/%u/ccache" in
> /etc/security/pam_winbind.conf.
>
> Should we make the shortcut via just "DIR" also changeable via configure ?
Do the other providers/consumers of this allow it to be in a different
default location? Extra dynconfig configure options are easy, but we
should not add them unless we need them to avoid clutter.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list