Bug 1267366 - [BACKPORT] default_ccache_name and cache type KEYRING
[BACKPORT] default_ccache_name and cache type KEYRING
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: krb5 (Show other bugs)
All Linux
unspecified Severity unspecified
: rc
: ---
Assigned To: Robbie Harwood
BaseOS QE Security Team
Depends On:
  Show dependency treegraph
Reported: 2015-09-29 15:31 EDT by Pat Riehecky
Modified: 2015-10-07 12:36 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-10-07 12:36:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Pat Riehecky 2015-09-29 15:31:35 EDT
Description of problem:
In RHEL7 the default krb5.conf includes:

default_ccache_name = KEYRING:persistent:%{uid}

This provides greater protection than the current file based ticket store.

Can this be backported from MIT Kerberos 1.11?

Version-Release number of selected component (if applicable): 	krb5-1.10.3-42.el6

How reproducible:100%

Steps to Reproduce:
1.Attempt to utilize the default_ccache_name to enable a KEYRING store

Actual results:
Feature not available.  

Expected results:

Additional info:
Comment 2 Robbie Harwood 2015-10-07 12:36:59 EDT
The backport here is non-trivial and I'd prefer not to make changes this large this late into 6.  However, as you mention, if these features are needed, RHEL7 has them.

Note You need to log in before you can comment on or make changes to this bug.