diff options
| author | Simo Sorce <simo@redhat.com> | 2017-11-16 15:39:01 -0500 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2017-11-16 16:28:28 -0500 |
| commit | 799c0303440e66004b4517e66d7f2852cfd313e4 (patch) | |
| tree | 294e1eb2acf0dfe3f043d5be13f6de28e16e4f48 /utils/gssd/gssd.h | |
| parent | 8d9bf479441d9d7a44a86b69026a7e9d431d3ade (diff) | |
| download | nfs-utils-fixrootccache.tar.gz nfs-utils-fixrootccache.tar.xz nfs-utils-fixrootccache.zip | |
Avoid clobbering root's ccache if possiblefixrootccache
If the gssapi library is modern enough, store the ccache in a process
scoped keyring by default. This will avoid clobbering root's default
ccache, and keep the creds from littering the filesystem.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'utils/gssd/gssd.h')
| -rw-r--r-- | utils/gssd/gssd.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/utils/gssd/gssd.h b/utils/gssd/gssd.h index f4f5975..88839f6 100644 --- a/utils/gssd/gssd.h +++ b/utils/gssd/gssd.h @@ -45,6 +45,7 @@ #define GSSD_DEFAULT_CRED_DIR "/tmp" #define GSSD_USER_CRED_DIR "/run/user/%U" +#define GSSD_SECURE_MACHINE_CACHE "KEYRING:process:gssd_ccache" #define GSSD_DEFAULT_CRED_PREFIX "krb5cc" #define GSSD_DEFAULT_MACHINE_CRED_SUFFIX "machine" #define GSSD_DEFAULT_KEYTAB_FILE "/etc/krb5.keytab" |