From c260d63245c54b8434b4a1b345f832db8e729e50 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Apr 01 2008 21:33:53 +0000
Subject: Move ipa_kpasswd credential cache in its own directory


---

diff --git a/ipa-server/ipa-kpasswd/Makefile.am b/ipa-server/ipa-kpasswd/Makefile.am
index 2953823..5f95fde 100644
--- a/ipa-server/ipa-kpasswd/Makefile.am
+++ b/ipa-server/ipa-kpasswd/Makefile.am
@@ -26,6 +26,14 @@ ipa_kpasswd_LDADD =		\
 	$(KRB5_LIBS)		\
 	$(NULL)
 
+install-exec-local:
+	mkdir -p $(DESTDIR)$(localstatedir)/cache/ipa/kpasswd
+	chmod 700 $(DESTDIR)$(localstatedir)/cache/ipa/kpasswd
+
+uninstall-local:
+	-rmdir $(DESTDIR)$(localstatedir)/cache/ipa/kpasswd
+	-rmdir $(DESTDIR)$(localstatedir)/cache/ipa
+
 EXTRA_DIST =			\
 	README			\
 	ipa_kpasswd.init	\
diff --git a/ipa-server/ipa-kpasswd/ipa_kpasswd.c b/ipa-server/ipa-kpasswd/ipa_kpasswd.c
index 77bf6d7..898cffa 100644
--- a/ipa-server/ipa-kpasswd/ipa_kpasswd.c
+++ b/ipa-server/ipa-kpasswd/ipa_kpasswd.c
@@ -43,7 +43,7 @@
 #include <sasl/sasl.h>
 
 #define DEFAULT_KEYTAB "FILE:/var/kerberos/krb5kdc/kpasswd.keytab"
-#define TMP_TEMPLATE "/tmp/kpasswd.XXXXXX"
+#define TMP_TEMPLATE "/var/cache/ipa/kpasswd/krb5_cc.XXXXXX"
 #define KPASSWD_PORT 464
 
 /* blacklist entries are released only BLCAKLIST_TIMEOUT seconds
diff --git a/ipa-server/ipa-server.spec b/ipa-server/ipa-server.spec
index 4360924..d231d38 100755
--- a/ipa-server/ipa-server.spec
+++ b/ipa-server/ipa-server.spec
@@ -150,7 +150,9 @@ fi
 %attr(755,root,root) %{plugin_dir}/libipa-dna-plugin.so
 
 %dir %{_localstatedir}/lib/ipa
-%dir %{_localstatedir}/lib/ipa/sysrestore
+%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
+%dir %{_localstatedir}/cache/ipa
+%attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
 %attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
 
 %{_mandir}/man8/ipactl.8.gz
diff --git a/ipa-server/ipa-server.spec.in b/ipa-server/ipa-server.spec.in
index 46adec9..ff8372b 100644
--- a/ipa-server/ipa-server.spec.in
+++ b/ipa-server/ipa-server.spec.in
@@ -150,7 +150,9 @@ fi
 %attr(755,root,root) %{plugin_dir}/libipa-dna-plugin.so
 
 %dir %{_localstatedir}/lib/ipa
-%dir %{_localstatedir}/lib/ipa/sysrestore
+%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
+%dir %{_localstatedir}/cache/ipa
+%attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
 %attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
 
 %{_mandir}/man8/ipactl.8.gz