Bug 831738

Summary: pam_systemd.so should create /run/user/username/credcache
Product: [Fedora] Fedora
Component: systemd
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED WONTFIX
Severity: high
Priority: unspecified
Reporter: Stephen Gallagher <sgallagh>
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: johannbg, lnykryn, metherid, msekleta, notting, plautrba, systemd-maint
Doc Type: Bug Fix
Type: Bug
Last Closed: 2012-06-13 18:34:38 UTC
Bug Blocks: 831740

Description Stephen Gallagher 2012-06-13 16:42:43 UTC
Description of problem:
As part of the https://fedoraproject.org/wiki/Features/KRB5DirCache and https://fedoraproject.org/wiki/Features/KRB5CacheMove Features for Fedora 18, SSSD and pam_krb5.so will be switching to using a directory-based credential cache that can support concurrent logins to multiple Kerberos realms.

We'd like to avoid polluting the /run/user/username directory and would like to ask that pam_systemd.so create a subdirectory named 'credcache' that we can use for this purpose.

We would prefer that this be done by systemd so that we don't need to add directory-creation logic into multiple potential consumers. (SSSD, pam_krb5, GNOME and kinit come readily to mind). It would be simpler to solve it once in pam_systemd.

Version-Release number of selected component (if applicable):
systemd-185-5.gita2368a3.fc18

Comment 1 Stephen Gallagher 2012-06-13 18:34:38 UTC
Scratch this. Kerberos upstream has agreed to grow this capability in libkrb5 for 1.11.

In the meantime, we'll implement a limited version in SSSD.