krb5 keyring ccache

Russ Allbery eagle at windlord.stanford.edu
Fri May 4 08:34:45 PDT 2012


Benjamin Coddington <bcodding at uvm.edu> writes:

> We're interested in using Linux session keyrings to hold krb5
> credentials acquired through webauth.  I'd like to propose one approach.

> If acceptable, I'd be happy to submit the required changes to include
> documentation and config requirements.

> This approach reuses the existing WebAuthCredCacheDir directive by
> passing it along unchanged if it begins with "KEYRING:" to
> webauth_krb5_init_via_cred -> krb5_cc_resolve.

Looks like a great idea to me.  The only change that I'd recommend is
that, rather than special-case KEYRING, instead preserve the current
behavior only if the argument begins with FILE: or doesn't begin with a
cache type.  Most other cache types, like KEYRING, aren't file system
caches and should be treated the same way that you're treating KEYRING.

Thanks for this!

-- 
Russ Allbery <eagle at windlord.stanford.edu>
Technical Lead, ITS Infrastructure Delivery Group, Stanford University
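
The rule suggested in the reply above, sketched as an added example that is not part of the original message and is not WebAuth code: keep the existing directory handling only for FILE: or untyped values, and hand every other cache type to krb5_cc_resolve unchanged. The helper name cred_cache_is_file, the definition of a type prefix, and the sample values are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper. Classify a WebAuthCredCacheDir value:
 *   returns 1: file system cache ("FILE:<dir>" or no cache type); *dir is
 *              set to the directory part, existing behavior applies.
 *   returns 0: some other cache type (KEYRING, MEMORY, ...); *dir is NULL
 *              and the value should be passed to krb5_cc_resolve as is.
 * Assumption: a cache type is a leading run of letters, digits or '_'
 * followed by ':', compared case-sensitively. A path that starts with '/'
 * therefore never has a type, even if it contains ':' later on.
 */
int
cred_cache_is_file(const char *setting, const char **dir)
{
    size_t n = 0;

    while (isalnum((unsigned char) setting[n]) || setting[n] == '_')
        n++;
    if (n == 0 || setting[n] != ':') {
        *dir = setting;             /* untyped, e.g. "/tmp/a:b" */
        return 1;
    }
    if (n == 4 && strncmp(setting, "FILE", 4) == 0) {
        *dir = setting + 5;         /* skip "FILE:" */
        return 1;
    }
    *dir = NULL;                    /* KEYRING:, MEMORY:, ... */
    return 0;
}

int
main(void)
{
    /* Constructed sample values, not taken from any real configuration. */
    const char *samples[] = { "/var/lib/webauth/creds",
        "FILE:/var/lib/webauth/creds", "KEYRING:webauth_creds", "MEMORY:" };
    const char *dir;
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-30s %s\n", samples[i],
               cred_cache_is_file(samples[i], &dir) ? dir : "(pass unchanged)");
    return 0;
}
```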


More information about the webauth-info mailing list