Slawa Olhovchenkov <s...@zxy.spb.ru> writes:
> Can you do some small discurs about ssh+kerberos?
> I am try to use FreeBSD with $HOME over kerberoized NFS.
> For kerberoized NFS gssd need to find cache file "called
> /tmp/krb5cc_<uid>, where <uid> is the effective uid for the RPC
> caller" (from `man gssd`).
>
> sshd contrary create cache file for received ticket called
> /tmp/krb5cc_XXXXXXX (random string, created by krb5_cc_new_unique). Is
> this strong security requirement or [FreeBSD/upstream] can be patched
> (or introduce option) to use /tmp/krb5cc_<uid> as cache file for
> received ticket?
I wasn't aware of that. It should be easy to patch, but in the
meantime, you can try something like this in .bashrc or whatever:
krb5cc_uid="/tmp/krb5cc_$(id -u)"
if [ -n "${KRB5CCNAME}" -a "${KRB5CCNAME}" != "${krb5ccuid}" ] ; then
if mv "${KRB5CCNAME}" "${krb5ccuid}" ; then
export KRB5CCNAME="${krb5ccuid}"
else
echo "Unable to rename krb5 credential cache" >&2
fi
fi
unset krb5ccuid
DES
--
Dag-Erling Smørgrav - d...@des.no
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
