[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: pam_krb5 and user logout

From: Steve Langasek <vorlon netexpress net>
To: pam-list redhat com
Subject: Re: pam_krb5 and user logout
Date: Tue, 29 Jan 2002 12:04:01 -0600

On Tue, Jan 29, 2002 at 03:57:40PM -0200, Andreas Hasenack wrote:
> Any thoughts on having pam_krb5 or something else run kdestroy
> when the user logouts from the workstation?

It is essential that pam_krb5 do so.  In order to handle this cleanly, 
pam_krb5 should by default establish a ccache using mktemp() (or the
secure equivalent for a given platform) and store any credentials there, 
rather than trying to use a 'global' ccache such as /tmp/krb5cc_uid.  
This way, it's assured that any credentials in that ccache belong to the 
current session, and can be safely destroyed at logout.

Steve Langasek
postmodern programmer

Follow-Ups:
- Re: pam_krb5 and user logout
  - From: Mike Gerdts <Michael.Gerdts@usa.alcatel.com>

References:
- pam_krb5 and user logout
  - From: Andreas Hasenack <andreas@conectiva.com.br>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []