831738 – pam_systemd.so should create /run/user/username/credcache

Bug 831738 - pam_systemd.so should create /run/user/username/credcache

Summary: pam_systemd.so should create /run/user/username/credcache

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	systemd
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	systemd-maint
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	831740
TreeView+	depends on / blocked

Reported:	2012-06-13 16:42 UTC by Stephen Gallagher
Modified:	2012-06-13 18:34 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2012-06-13 18:34:38 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Stephen Gallagher 2012-06-13 16:42:43 UTC

Description of problem:
As part of the https://fedoraproject.org/wiki/Features/KRB5DirCache and https://fedoraproject.org/wiki/Features/KRB5CacheMove Features for Fedora 18, SSSD and pam_krb5.so will be switching to using a directory-based credential cache that can support concurrent logins to multiple Kerberos realms.

We'd like to avoid polluting the /run/user/username directory and would like to ask that pam_systemd.so to create a subdirectory named 'credcache' that we can use for this purpose.

We would prefer that this be done by systemd so that we don't need to add directory-creation logic into multiple potential consumers. (SSSD, pam_krb5, GNOME and kinit come readily to mind). It would be simpler to solve it once in pam_systemd.

Version-Release number of selected component (if applicable):
systemd-185-5.gita2368a3.fc18

Comment 1 Stephen Gallagher 2012-06-13 18:34:38 UTC

Scratch this. Kerberos upstream has agreed to grow this capability in libkrb5 for 1.11.

In the meantime, we'll implement a limited version in SSSD.

Note You need to log in before you can comment on or make changes to this bug.