[PATCH] Do not use a central Kerberos ccache
Andrew Bartlett
abartlet at samba.org
Fri Sep 23 12:40:57 UTC 2016
On Fri, 2016-09-23 at 07:56 +0200, Andreas Schneider wrote:
> Hello,
>
> we should not use a central Kerberos credential cache (st/krb5ticket)
> but
> instead have one per environment.
>
> The attached patch addresses this.
This:
$ENV{PREFIX} = $prefix;
-$ENV{KRB5CCNAME} = "$prefix/krb5ticket";
$ENV{PREFIX_ABS} = $prefix_abs;
Seems to remove the code that forces the server processes to have a
sensible ccache. After that code is removed, the KRB5CCNAME for the
samba deamon seems to be ".samba" (I'm not sure by what mechanism
however). I got that by spying in /proc/$PID/environ in a testenv
before and after your patch.
So I would prefer we kept that, but then had a teardown assertion
(somehow) that it wans't used, either by the daemons or the
provision/join process.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list