Kerberos ccache in /tmp, why not kernel keyring?

Andreas Hasenack andreas at canonical.com
Mon Oct 5 14:45:05 UTC 2020


Hi,

any idea why debian and ubuntu do not use the kernel keyring as the
default storage for the kerberos credentials cache? We still use files
in /tmp, like /tmp/krb5cc_1000 for a user with uid 1000.

Is it because of heimdal compatibility? Its keyring support was merged
in 2018[1], but doesn't seem to be in a release yet.


1. https://github.com/heimdal/heimdal/issues/166,
https://github.com/heimdal/heimdal/commit/fb81598d447305352cd38095ffac701cc3eed0cf



More information about the ubuntu-devel mailing list