From owner-freebsd-security Fri Feb 2 3:22:53 2001 Delivered-To: freebsd-security@freebsd.org Received: from mobile.wemm.org (c1315225-a.plstn1.sfba.home.com [65.0.135.147]) by hub.freebsd.org (Postfix) with ESMTP id 9476537B401 for ; Fri, 2 Feb 2001 03:22:35 -0800 (PST) Received: from netplex.com.au (localhost [127.0.0.1]) by mobile.wemm.org (8.11.1/8.11.1) with ESMTP id f12BK2W25943; Fri, 2 Feb 2001 03:20:02 -0800 (PST) (envelope-from peter@netplex.com.au) Message-Id: <200102021120.f12BK2W25943@mobile.wemm.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Sheldon Hearn Cc: Stu Pidaso , "Jacques A. Vidrine" , freebsd-security@FreeBSD.ORG Subject: Re: cvs commit: src/usr.bin/login login.c In-Reply-To: <7897.980850042@axl.fw.uunet.co.za> Date: Fri, 02 Feb 2001 03:20:02 -0800 From: Peter Wemm Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sheldon Hearn wrote: > > > On Tue, 30 Jan 2001 05:08:09 EST, Stu Pidaso wrote: > > > > # Destroy all stale Kerberos5 tickets > > > # > > > for i in `find /tmp -name 'krb5cc_*' -ctime +1 -print` ; do > > > rm -f $i > > > done > > > > and now you can delete you can delete any file in /tmp. > > > > touch 'krb5cc_1 somefileintmp' and wait. > > Well spotted. > > find /tmp -name 'krb5cc_*' -ctime +1 -exec rm -f {} \; > > I don't use -delete because it's not portable. > > Of course, the problem is that maximum ticket lifetime is a site- > configurable value, which is why it _doesn't_ make sense to put this job > in /etc/crontab in the base system. > > The problem is that you can end up with a large number of stale files in > /tmp if you rely on users to run kdestroy religiously. Well, if the patches to add proper PAM session support to login etc get committed then there is an opportunity for the end-of-session cleanup to do this automatically. Cheers, -Peter -- Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au "All of this is for nothing if we don't go to the stars" - JMS/B5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message