Opened 4 years ago

Closed 4 years ago

#6 closed defect (fixed)

Cannot override default credential cache location

Reported by: Lewis Rosenthal Owned by:
Priority: major Milestone: Heimdal - 1.5.3
Component: general Version: Heimdal - 1.5.3
Keywords: credential cache, ticket cache Cc:

Description

This is the real issue underlying #2, I think.

Documentation says that the default credential location, DEFCCNAME, hardcoded as FILE:/tmp/krb5cc_%{uid} on *nix systems (see http://web.mit.edu/kerberos/krb5-1.12/doc/mitK5defaults.html#paths) may be overridden either by setting default_ccache_name in krb5.conf or by setting the env var, KRB5CCNAME. However, it appears that neither of these actually override DEFCCNAME.

Workarounds include ensuring that the klibc path rewriter is installed or even manually creating \tmp on the same volume on which the session is currently logged.

Change History (9)

comment:1 Changed 4 years ago by Lewis Rosenthal

Component: distributiongeneral

comment:2 Changed 4 years ago by Lewis Rosenthal

It seems that with:

7-04-15 6:02 160,318 124 klist.exe

Environment variables work for, say:

[c:\]set KRB5CCNAME=FILE:%TEMP%/krb5cc_0

but setting default_ccache_name in the [libdefaults] section of krb5.conf as:

default_ccache_name = FILE:%{TEMP}/krb5cc_%{uid}

does not. I can't tell whether the parameter expansion is completely skipped, but we fall back on the compiled default of /tmp/krb5cc_0.

So, this one is half fixed, I think. ;-)

comment:3 Changed 4 years ago by Paul Smedley

Those docs are for MIT kerberos, not heimdal.... not sure that heimdal supports this statement

comment:4 Changed 4 years ago by Paul Smedley

ok, so default_cc_name is the correct value for heimdal. It fails as it's splitting the path based on a colon. so with home=c:/home/default it tries to load krb5.conf first from c then from /home/default

comment:5 Changed 4 years ago by Lewis Rosenthal

Oops, yes, I should have translated that to Heimdal; sorry. Pesky colon thing, again, I see.

comment:6 Changed 4 years ago by Paul Smedley

Test fix sent to @lewisr - once confirmed OK I'll checkin the fix to svn

comment:7 Changed 4 years ago by Lewis Rosenthal

Fix works for me, though I think we should look in %ETC% for krb5.conf and not in %HOME%.

We rightly expand %{uid} and %{TEMP} (though not %TEMP%, understandably) in the conf.

comment:8 Changed 4 years ago by Paul Smedley

comment:9 Changed 4 years ago by Lewis Rosenthal

Resolution: fixed
Status: newclosed

This one works just as expected, Paul. Thanks.

Note: See TracTickets for help on using tickets.