summaryrefslogtreecommitdiffstats
path: root/src/providers
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2011-11-11 16:59:21 -0500
committerStephen Gallagher <sgallagh@redhat.com>2011-11-22 10:50:48 -0500
commite369fc08906383e6d5c39832f31bb6600a33f887 (patch)
treee9f3868b0656f971c94ae06871c621653596c885 /src/providers
parent98e0f08e3de3f8f035790adcd614cff6bf6dd34d (diff)
downloadsssd-e369fc08906383e6d5c39832f31bb6600a33f887.tar.gz
sssd-e369fc08906383e6d5c39832f31bb6600a33f887.tar.xz
sssd-e369fc08906383e6d5c39832f31bb6600a33f887.zip
Set more strict permissions on keyring
We want to confine access to the keyring to the current process and not let root easily peek into the keyring contents.
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/krb5/krb5_delayed_online_authentication.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_delayed_online_authentication.c b/src/providers/krb5/krb5_delayed_online_authentication.c
index 02f09919a..d5dea3bb4 100644
--- a/src/providers/krb5/krb5_delayed_online_authentication.c
+++ b/src/providers/krb5/krb5_delayed_online_authentication.c
@@ -258,7 +258,7 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
#ifdef USE_KEYRING
new_pd->key_serial = add_key("user", new_pd->user, new_pd->authtok,
- new_pd->authtok_size, KEY_SPEC_THREAD_KEYRING);
+ new_pd->authtok_size, KEY_SPEC_SESSION_KEYRING);
if (new_pd->key_serial == -1) {
ret = errno;
DEBUG(1, ("add_key fialed [%d][%s].\n", ret, strerror(ret)));