Date: Tue, 30 Jan 2001 12:20:42 +0200 From: Sheldon Hearn <sheldonh@uunet.co.za> To: Stu Pidaso <grim@octet.com> Cc: "Jacques A. Vidrine" <n@nectar.com>, freebsd-security@freebsd.org Subject: Re: cvs commit: src/usr.bin/login login.c Message-ID: <7897.980850042@axl.fw.uunet.co.za> In-Reply-To: Your message of "Tue, 30 Jan 2001 05:08:09 EST." <Pine.BSI.3.96.1010130050213.22700A-100000@ns3.octet.com>
index | next in thread | previous in thread | raw e-mail
On Tue, 30 Jan 2001 05:08:09 EST, Stu Pidaso wrote:
> > # Destroy all stale Kerberos5 tickets
> > #
> > for i in `find /tmp -name 'krb5cc_*' -ctime +1 -print` ; do
> > rm -f $i
> > done
>
> and now you can delete you can delete any file in /tmp.
>
> touch 'krb5cc_1 somefileintmp' and wait.
Well spotted.
find /tmp -name 'krb5cc_*' -ctime +1 -exec rm -f {} \;
I don't use -delete because it's not portable.
Of course, the problem is that maximum ticket lifetime is a site-
configurable value, which is why it _doesn't_ make sense to put this job
in /etc/crontab in the base system.
The problem is that you can end up with a large number of stale files in
/tmp if you rely on users to run kdestroy religiously.
Ciao,
Sheldon.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7897.980850042>