Learn more about these different git repos.
Other Git URLs
When krb5_ccachedir is not used in krb5_ccname_template through the %d expansion variable and krb5_ccname_template includes expansion variables like %U unexpected results are achieved.
For example, setting krb5_ccname_template to /run/user/%u/krb5cc for user 'test' leads to the creation of a directory 'test' in /run/user with permission 01777 and ownership of 1000:1000 (user test own uid and gid).
This is incorrect and can lead the unaware admin to create some directories with overly broad permissions when unintended.
owner: somebody => simo
status: new => assigned
patch: 0 => 1
milestone: NEEDS_TRIAGE => SSSD 1.12 beta
rhbz: => 0
The patches have been acked, so moving to 1.11.2
milestone: SSSD 1.12 beta => SSSD 1.11.2
resolution: => fixed
status: assigned => closed
changelog: => The Kerberos provider is no longer able to create public directories when evaluating the krb5_ccachedir option. This is a backwards-incompatible change. Creating public directories is something the system administrator should perform in order for the directories to have the correct permissions and allow the authentication daemon to create user directories as private only.
Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: SSSD 1.11.2
to comment on this ticket.