diff options
author | Simo Sorce <ssorce@redhat.com> | 2011-11-11 16:59:21 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-11-22 10:50:48 -0500 |
commit | e369fc08906383e6d5c39832f31bb6600a33f887 (patch) | |
tree | e9f3868b0656f971c94ae06871c621653596c885 /src/providers | |
parent | 98e0f08e3de3f8f035790adcd614cff6bf6dd34d (diff) | |
download | sssd-e369fc08906383e6d5c39832f31bb6600a33f887.tar.gz sssd-e369fc08906383e6d5c39832f31bb6600a33f887.tar.xz sssd-e369fc08906383e6d5c39832f31bb6600a33f887.zip |
Set more strict permissions on keyring
We want to confine access to the keyring to the current process
and not let root easily peek into the keyring contents.
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/krb5/krb5_delayed_online_authentication.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/providers/krb5/krb5_delayed_online_authentication.c b/src/providers/krb5/krb5_delayed_online_authentication.c index 02f09919..d5dea3bb 100644 --- a/src/providers/krb5/krb5_delayed_online_authentication.c +++ b/src/providers/krb5/krb5_delayed_online_authentication.c @@ -258,7 +258,7 @@ errno_t add_user_to_delayed_online_authentication(struct krb5_ctx *krb5_ctx, #ifdef USE_KEYRING new_pd->key_serial = add_key("user", new_pd->user, new_pd->authtok, - new_pd->authtok_size, KEY_SPEC_THREAD_KEYRING); + new_pd->authtok_size, KEY_SPEC_SESSION_KEYRING); if (new_pd->key_serial == -1) { ret = errno; DEBUG(1, ("add_key fialed [%d][%s].\n", ret, strerror(ret))); |