Date:      Fri, 02 Feb 2001 03:20:02 -0800
From:      Peter Wemm <peter@netplex.com.au>
To:        Sheldon Hearn <sheldonh@uunet.co.za>
Cc:        Stu Pidaso <grim@octet.com>, "Jacques A. Vidrine" <n@nectar.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: cvs commit: src/usr.bin/login login.c 
Message-ID:  <200102021120.f12BK2W25943@mobile.wemm.org>
In-Reply-To: <7897.980850042@axl.fw.uunet.co.za> 

Sheldon Hearn wrote:
> 
> 
> On Tue, 30 Jan 2001 05:08:09 EST, Stu Pidaso wrote:
> 
> > > # Destroy all stale Kerberos5 tickets
> > > #
> > > for i in `find /tmp -name 'krb5cc_*' -ctime +1 -print` ; do
> > >         rm -f $i
> > > done
> > 
> > and now you can delete any file in /tmp.
> > 
> > touch 'krb5cc_1 somefileintmp' and wait.
> 
> Well spotted.
> 
> 	find /tmp -name 'krb5cc_*' -ctime +1 -exec rm -f {} \;
> 
> I don't use -delete because it's not portable.
> 
> Of course, the problem is that maximum ticket lifetime is a site-
> configurable value, which is why it _doesn't_ make sense to put this job
> in /etc/crontab in the base system.
> 
> The problem is that you can end up with a large number of stale files in
> /tmp if you rely on users to run kdestroy religiously.

Well, if the patches to add proper PAM session support to login etc get
committed then there is an opportunity for the end-of-session cleanup to do
this automatically.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5
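
Added example, not part of the original message or of FreeBSD's scripts: the two cleanup forms quoted above, run against a constructed scratch directory instead of /tmp. The `-ctime +1` test is left out so freshly created files match, and the function names and file names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: works in a constructed scratch directory, never the real /tmp.
# The -ctime +1 test from the thread is omitted so freshly created files match.

# Fixture: one ticket cache, one unrelated file, and one cache whose name
# embeds a space followed by the unrelated file's name (all constructed).
make_fixture() {
    dir=$(mktemp -d) || return 1
    : > "$dir/krb5cc_1000"
    : > "$dir/unrelated.txt"
    : > "$dir/krb5cc_1 unrelated.txt"
    printf '%s\n' "$dir"
}

# Loop form from the thread: the unquoted command substitution is split on
# whitespace, so one file name reaches rm as two separate arguments.
cleanup_loop() {
    ( cd "$1" || exit 1
      for i in `find . -name 'krb5cc_*' -print`; do
          rm -f $i
      done )
}

# -exec form from the thread: find passes each path to rm as one argument.
cleanup_exec() {
    find "$1" -name 'krb5cc_*' -exec rm -f {} \;
}

# Print "kept" or "lost" for the unrelated file, then the number of
# krb5cc_* entries still present.
survey() {
    if [ -e "$1/unrelated.txt" ]; then state=kept; else state=lost; fi
    left=$(find "$1" -name 'krb5cc_*' | wc -l | tr -d ' ')
    printf '%s %s\n' "$state" "$left"
}

# Run one cleanup function on a fresh fixture and print the survey line.
run_case() {
    d=$(make_fixture) || return 1
    "$1" "$d"
    survey "$d"
    rm -rf "$d"
}

run_case cleanup_loop   # prints: lost 1
run_case cleanup_exec   # prints: kept 0
```

The loop form removes the unrelated file and leaves the space-named cache in place, while the `-exec` form removes only the two cache files.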






