Hello Olaf, thanks for your quick response. On Fri, 6 Dec 2002 Olaf Kirch assaulted the keyboard and produced:
On Fri, Dec 06, 2002 at 07:21:42PM +0100, Helge Bahmann wrote:
- tickets are obtained and validated from kdc - credentials cache file /tmp/krb5cc_0 (!) is created and KRB5CCNAME set accordingly for the session
You should check the README that comes with our pam_krb5 RPM. It describes how to use separate cc files for all sessions.
you are referring to the ccache parameter? yes I know, I'm using it; but
since the cc file names are still quite easily guessable, the possibility
of the root compromise remains (unless there is some misconfiguration on
my part, which I'm still not sure about -- the behvior is just too
strange).
Will try to produce some more information.
Best regards
--
Helge Bahmann