From 8ae0fc769b419e16ce7804bd516f7c2d03ce8471 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Wed, 22 Feb 2012 07:53:56 -0500
Subject: [PATCH] FEDORA: Change Kerberos credential cache default location

On Fedora, we need to default to using /run/user/%u for credential caches for improved security and to simplify rpc.gssd locating the cache for use with NFS.
---
 src/man/sssd-krb5.5.xml | 4 ++--
 src/providers/krb5/krb5_common.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
index 247337a90a80b078d0395b27a02e5ea2c72a5ce8..cc10dc149c407450a59f39ebc2de0ac95e33028e 100644
--- a/src/man/sssd-krb5.5.xml
+++ b/src/man/sssd-krb5.5.xml
@@ -148,7 +148,7 @@ for details) is created.
- Default: /tmp
+ Default: /run/user/%u
@@ -206,7 +206,7 @@ used to create a unique filename in a safe way.
- Default: FILE:%d/krb5cc_%U_XXXXXX
+ Default: FILE:%d/krb5cc
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index c2cb94b61463cbdaf3f4fa5a5cb311af55b4b960..e3a74697249a8dd10907beaeaef415a48c3c30a9 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -34,8 +34,8 @@
 struct dp_option default_krb5_opts[] = {
 { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "krb5_ccachedir", DP_OPT_STRING, { "/tmp" }, NULL_STRING },
- { "krb5_ccname_template", DP_OPT_STRING, { "FILE:%d/krb5cc_%U_XXXXXX" }, NULL_STRING},
+ { "krb5_ccachedir", DP_OPT_STRING, { "/run/user/%u" }, NULL_STRING },
+ { "krb5_ccname_template", DP_OPT_STRING, { "FILE:%d/krb5cc" }, NULL_STRING},
 { "krb5_auth_timeout", DP_OPT_NUMBER, { .number = 15 }, NULL_NUMBER },
 { "krb5_keytab", DP_OPT_STRING, { "/etc/krb5.keytab" }, NULL_STRING },
 { "krb5_validate", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
--
1.7.7.6
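Review bot: The new `krb5_ccname_template` default `FILE:%d/krb5cc` no longer carries the `%U` or `XXXXXX` components, so the cache path is a fixed name whose safety rests entirely on `%d` being a private per-user directory. That holds for the new `krb5_ccachedir` default, but a configuration that sets `krb5_ccachedir` back to a shared directory such as `/tmp` and keeps the default template would place every user's cache at the same predictable path, which is the collision and pre-creation exposure the random suffix used to prevent. The two defaults should be documented as a pair, for example with `/* krb5cc has no per-user or random part: only safe while krb5_ccachedir expands to a private per-user directory */` above these entries, and the code that expands the template (not visible in this hunk) should be checked for rejecting or warning on a template without `XXXXXX` in a world-writable directory. It is also worth confirming that the directory `%u` expands to is the one the session manager actually creates and owns for the user, since the hunk changes only the default string and not any creation or ownership check. The `default_krb5_opts[]` initializer continues past the end of the hunk.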