author Greg Hudson <ghudson@mit.edu> 2019-05-15 01:01:34 -0400
committer Greg Hudson <ghudson@mit.edu> 2019-05-31 13:37:40 -0400
commit e8a35f6962ce2d048616fb7457bff2d90398ca48
tree 421f55df2a2be75706e57370ce40308f5e55ebcd /doc
parent 12117dbc61639ff3fb510f2feb2de8c41dd2bd23
Use file2 replay cache by default

Remove the existing default replay cache implementation and replace it with a wrapper around the file2 replay cache code. Change the filename to krb5_EUID.rcache2, ignoring the residual (and therefore the server principal name). On Windows, use the local appdata directory if KRB5RCACHEDIR is not set in the environment.

ticket: 8786

Diffstat (limited to 'doc')
-rw-r--r-- doc/basic/rcache_def.rst 27
1 files changed, 18 insertions, 9 deletions

diff --git a/doc/basic/rcache_def.rst b/doc/basic/rcache_def.rst
index 56d369d..5e550fc 100644
--- a/doc/basic/rcache_def.rst
+++ b/doc/basic/rcache_def.rst
@@ -71,21 +71,30 @@ are in lowercase. The following types are defined:
#. **dfl** is the default type if no environment variable or
configuration specifies a different type. It stores replay data in
- a file, occasionally rewriting it to purge old, expired entries.
+ a file2 replay cache with a filename based on the effective uid.
+ The residual value is ignored.
The default type can be overridden by the **KRB5RCACHETYPE**
environment variable.
-For the dfl type, the placement of the replay cache file is determined
-by the following:
+For the dfl type, the location of the replay cache file is determined
+as follows:
-#. The **KRB5RCACHEDIR** environment variable;
+#. The directory is taken from the **KRB5RCACHEDIR** environment
+ variable, or the **TMPDIR** environment variable, or a temporary
+ directory determined at configuration time such as ``/var/tmp``, in
+ descending order of preference.
-#. If KRB5RCACHEDIR is unspecified, on UNIX, the library
- will fall back to the environment variable **TMPDIR**, and then to
- a temporary directory determined at configuration time such as
- */tmp* or */var/tmp*; on Windows, it will check the environment
- variables *TEMP* and *TMP*, and fall back to the directory C:\\.
+#. The filename is ``krb5_EUID.rcache2`` where EUID is the effective
+ uid of the process.
+
+#. The file is opened without following symbolic links, and ownership
+ of the file is verified to match the effective uid.
+
+On Windows, the directory for the dfl type is the local appdata
+directory, unless overridden by the **KRB5RCACHEDIR** environment
+variable. The filename on Windows is ``krb5.rcache2``, and the file
+is opened normally.
Performance issues
------------------
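
Review bot: Step 3 of the new numbered list says the file is opened without following symbolic links and that its ownership is verified against the effective uid, but it does not say what the caller sees when either check fails. Because the directory can come from **TMPDIR** or a default such as ``/var/tmp``, which is typically shared between users, please document the outcome (for example, whether the replay cache operation fails with an error) so an administrator can recognise a pre-created or foreign-owned ``krb5_EUID.rcache2``. The list is also not scoped to UNIX, although the Windows paragraph after it gives a different filename (``krb5.rcache2``) and says the file is "opened normally"; prefacing the list with "On UNIX" and stating why the symlink and ownership checks do not apply on Windows would remove the ambiguity. Since the removed text described the Windows fallback to TEMP and TMP, it would also help to say explicitly whether those variables are still consulted.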