2012-05-11 20:02:54 +00:00
|
|
|
From 05c49dd916dcbea2ce8f6a6b14fd54a5c67fd6db Mon Sep 17 00:00:00 2001
|
2012-02-22 14:11:05 +00:00
|
|
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
Date: Wed, 22 Feb 2012 07:53:56 -0500
|
2012-05-24 12:23:25 +00:00
|
|
|
Subject: [PATCH 01/19] FEDORA: Change Kerberos credential cache default
|
|
|
|
location
|
2012-02-22 14:11:05 +00:00
|
|
|
|
|
|
|
On Fedora, we need to default to using /run/user/%u for credential
|
|
|
|
caches for improved security and to simplify rpc.gssd locating the
|
|
|
|
cache for use with NFS.
|
|
|
|
---
|
2012-05-11 20:02:54 +00:00
|
|
|
src/man/sssd-krb5.5.xml | 4 ++--
|
|
|
|
src/providers/krb5/krb5_opts.h | 2 +-
|
|
|
|
2 files changed, 3 insertions(+), 3 deletions(-)
|
2012-02-22 14:11:05 +00:00
|
|
|
|
|
|
|
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
|
|
|
|
index 247337a90a80b078d0395b27a02e5ea2c72a5ce8..cc10dc149c407450a59f39ebc2de0ac95e33028e 100644
|
|
|
|
--- a/src/man/sssd-krb5.5.xml
|
|
|
|
+++ b/src/man/sssd-krb5.5.xml
|
|
|
|
@@ -148,7 +148,7 @@
|
|
|
|
</citerefentry> for details) is created.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
- Default: /tmp
|
|
|
|
+ Default: /run/user/%u
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
|
|
|
@@ -206,7 +206,7 @@
|
|
|
|
used to create a unique filename in a safe way.
|
|
|
|
</para>
|
|
|
|
<para>
|
|
|
|
- Default: FILE:%d/krb5cc_%U_XXXXXX
|
|
|
|
+ Default: FILE:%d/krb5cc
|
|
|
|
</para>
|
|
|
|
</listitem>
|
|
|
|
</varlistentry>
|
2012-05-11 20:02:54 +00:00
|
|
|
diff --git a/src/providers/krb5/krb5_opts.h b/src/providers/krb5/krb5_opts.h
|
|
|
|
index 7f47290c961ce6455e0d123e9ec14c7add39d28d..ff1863b98524eab1d175e06253e78cafa15b3f2d 100644
|
|
|
|
--- a/src/providers/krb5/krb5_opts.h
|
|
|
|
+++ b/src/providers/krb5/krb5_opts.h
|
|
|
|
@@ -29,7 +29,7 @@ struct dp_option default_krb5_opts[] = {
|
2012-02-22 14:11:05 +00:00
|
|
|
{ "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
|
|
|
|
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
|
2012-05-11 20:02:54 +00:00
|
|
|
{ "krb5_ccachedir", DP_OPT_STRING, { "/tmp" }, NULL_STRING },
|
2012-02-22 14:11:05 +00:00
|
|
|
- { "krb5_ccname_template", DP_OPT_STRING, { "FILE:%d/krb5cc_%U_XXXXXX" }, NULL_STRING},
|
2012-05-11 20:02:54 +00:00
|
|
|
+ { "krb5_ccname_template", DP_OPT_STRING, { "/run/user/%u" }, NULL_STRING},
|
2012-02-22 14:11:05 +00:00
|
|
|
{ "krb5_auth_timeout", DP_OPT_NUMBER, { .number = 15 }, NULL_NUMBER },
|
|
|
|
{ "krb5_keytab", DP_OPT_STRING, { "/etc/krb5.keytab" }, NULL_STRING },
|
|
|
|
{ "krb5_validate", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
|
|
|
|
--
|
2012-05-11 20:02:54 +00:00
|
|
|
1.7.10.1
|
2012-02-22 14:11:05 +00:00
|
|
|
|