On Tue, Jan 31, 2017 at 02:49:41PM +0100, Florian Weimer wrote: > On 01/31/2017 02:38 PM, Jakub Hrozek wrote: > > On Tue, Jan 31, 2017 at 02:36:12PM +0100, Florian Weimer wrote: > > > On 01/31/2017 10:36 AM, David Woodhouse wrote: > > > > Please ensure this works with winbind. The switch to KEYRING: by > > > > default didn't — pam_winbind was putting creds in /tmp/krb5cc_$UID > > > > still, and then they weren't consistently being found there. > > > > > > OpenJDK could be affected by this as well. > > > > Does OpenJDK work with KERING now or only handles FILE? > > Hmm. I assumed it handled KEYRING:, but both jdk8 and jdk9 only seem to > implement FILE:. So this change shouldn't result in a regression.
Right, thanks for checking. The use-case you are describing is also something we would like to tackle with KCM, although we haven't started implementing this piece yet at all -- we would like to make it possible, either via a new UNIX socket exposed by KCM or via some other shim layer to format a FILE: ccache with a particular principal to some location so that we can use a modern collection-aware credential cache, but keep using software like JDK that only handles FILE.. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
