diff options
| author | Robbie Harwood <rharwood@redhat.com> | 2016-05-08 02:31:00 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2016-05-18 17:46:14 -0400 |
| commit | 6a0bc4f5cd46b1ab85dba5bd2de28f568cc947b0 (patch) | |
| tree | 8f1451065efa8afb840cde844b48cf1c3de5c6b0 /README | |
| parent | 6e746f91177902528e42ac982e965fe469aa8855 (diff) | |
| download | mod_auth_gssapi-6a0bc4f5cd46b1ab85dba5bd2de28f568cc947b0.tar.gz mod_auth_gssapi-6a0bc4f5cd46b1ab85dba5bd2de28f568cc947b0.tar.xz mod_auth_gssapi-6a0bc4f5cd46b1ab85dba5bd2de28f568cc947b0.zip | |
Implement unique ccache names
Unique ccache names may be requested using the GssapiDelegCcacheUnique
configuration option. This option is off by default. If both unique
ccache names and session use are enabled, then a mechanism for removing
old ccaches must be supplied.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Also-authored-by: Petr Vobornik <pvoborni@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'README')
| -rw-r--r-- | README | 13 |
1 files changed, 13 insertions, 0 deletions
@@ -171,6 +171,19 @@ A user foo@EXAMPLE.COM delegating its credentials would cause the server to create a ccache file named /var/run/httpd/clientcaches/foo@EXAMPLE.COM +### GssapiDelegCcacheUnique + +Enables using unique ccache names for delegation. ccache files will be placed +in GssapiDelegCcacheDir and named using the principal and a six-digit unique +suffix. + +**Note:** Consuming application must delete the ccache otherwise it will +litter the filesystem if sessions are used. An example sweeper can be found +in the contrib directory. + +#### Example + GssapiDelegCcacheUnique On + ### GssapiUseS4U2Proxy Enables the use of the s4u2Proxy Kerberos extension also known as |