Red Hat Bugzilla – Bug 831738
pam_systemd.so should create /run/user/username/credcache
Last modified: 2012-06-13 14:34:38 EDT
Description of problem:
As part of the https://fedoraproject.org/wiki/Features/KRB5DirCache and https://fedoraproject.org/wiki/Features/KRB5CacheMove Features for Fedora 18, SSSD and pam_krb5.so will be switching to using a directory-based credential cache that can support concurrent logins to multiple Kerberos realms.
We'd like to avoid polluting the /run/user/username directory and would like to ask that pam_systemd.so to create a subdirectory named 'credcache' that we can use for this purpose.
We would prefer that this be done by systemd so that we don't need to add directory-creation logic into multiple potential consumers. (SSSD, pam_krb5, GNOME and kinit come readily to mind). It would be simpler to solve it once in pam_systemd.
Version-Release number of selected component (if applicable):
Scratch this. Kerberos upstream has agreed to grow this capability in libkrb5 for 1.11.
In the meantime, we'll implement a limited version in SSSD.