Date:      02 Nov 1999 21:54:51 +0100
From:      Bjoern Groenvall <bg@sics.se>
To:        Robert Watson <robert+freebsd@cyrus.watson.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Kerberos tickets in /tmp -- or somewhere else?
Message-ID:  <wuogdc8vhg.fsf@bg.sics.se>
In-Reply-To: Robert Watson's message of Tue, 19 Oct 1999 09:57:59 -0400 (EDT)
References:  <Pine.BSF.3.96.991019094445.33499A-100000@fledge.watson.org>

Robert Watson <robert@cyrus.watson.org> writes:

> Does anyone know if there's a way to make our default-installed K4 move
> its tickets somewhere other than /tmp without rebuilding?  /tmp on my
> busy machines gets filled with ticket files (sometimes many for a
> particular user with different variations on the same name).  On CMU's
> Andrew workstations, they make use of a /tkt with restrictive access
> rights for ticket files, which can be cleaned separately from /tmp, and
> more importantly, in a different namespace.
> 
> It sounds like the kind of thing that's hardcoded (and if I remember from
> my last source inspection, it is), but perhaps we could make it something
> configurable?  I guess there is no tradition of a /etc/kerberosIV/krb.rc
> (.conf already taken)  with a configuration namespace and names/values
> :-).  This could also be used to configure other host-based
> policy--maximum ticket lifespans that the library should acquire, defaults
> for ticket-passing behavior once we get K5, etc. 

In krb4-current it is now possible to define the default ticket prefix
in /etc/krb.extra. If you put the variable declaration
krb_default_tkt_root = /tkt/tkt
in krb.extra then ticket files will be saved in /tkt.

If you would like to have a patch (relative to krb4) for this change,
just ask, but you are probably not interested in rebuilding
anyway.

The change will probably be merged into FreeBSD at some later point.

Cheers,
Björn

-- 
  _     _                                               ,_______________.  
Bjorn Gronvall (Björn Grönvall)                        /_______________/|     
Swedish Institute of Computer Science                  |               ||
PO Box 1263, S-164 29 Kista, Sweden                    | Schroedingers ||
Email: bg@sics.se, Phone +46 -8 633 15 25              |      Cat      |/
Cellular +46 -70 768 06 35, Fax +46 -8 751 72 30       `---------------' 

