Bug 831738 - pam_systemd.so should create /run/user/username/credcache
pam_systemd.so should create /run/user/username/credcache
Product: Fedora
Classification: Fedora
Component: systemd (Show other bugs)
All Linux
unspecified Severity high
: ---
: ---
Assigned To: systemd-maint
Fedora Extras Quality Assurance
Depends On:
Blocks: 831740
  Show dependency treegraph
Reported: 2012-06-13 12:42 EDT by Stephen Gallagher
Modified: 2012-06-13 14:34 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-13 14:34:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Stephen Gallagher 2012-06-13 12:42:43 EDT
Description of problem:
As part of the https://fedoraproject.org/wiki/Features/KRB5DirCache and https://fedoraproject.org/wiki/Features/KRB5CacheMove Features for Fedora 18, SSSD and pam_krb5.so will be switching to using a directory-based credential cache that can support concurrent logins to multiple Kerberos realms.

We'd like to avoid polluting the /run/user/username directory and would like to ask that pam_systemd.so to create a subdirectory named 'credcache' that we can use for this purpose.

We would prefer that this be done by systemd so that we don't need to add directory-creation logic into multiple potential consumers. (SSSD, pam_krb5, GNOME and kinit come readily to mind). It would be simpler to solve it once in pam_systemd.

Version-Release number of selected component (if applicable):
Comment 1 Stephen Gallagher 2012-06-13 14:34:38 EDT
Scratch this. Kerberos upstream has agreed to grow this capability in libkrb5 for 1.11.

In the meantime, we'll implement a limited version in SSSD.

Note You need to log in before you can comment on or make changes to this bug.