Kerberos ccache in /tmp, why not kernel keyring?

Andreas Hasenack andreas at
Mon Oct 5 14:45:05 UTC 2020


Any idea why Debian and Ubuntu do not use the kernel keyring as the
default storage for the Kerberos credentials cache? We still use files
in /tmp, like /tmp/krb5cc_1000 for a user with uid 1000.

Is it because of Heimdal compatibility? Its keyring support was merged
in 2018[1], but doesn't seem to be in a release yet.


