From 5b39bd7c1d5447e544498962e93ac06c86f9d1f2 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni
Date: Fri, 26 May 2017 03:20:55 +0000
Subject: [PATCH] New KRB5_NO_TICKET_STORE env var
---
 kuser/kgetcred.1 | 14 ++++++++++++++
 lib/krb5/context.c | 3 ++-
 lib/krb5/get_cred.c | 2 ++
 lib/krb5/krb5_locl.h | 1 +
 4 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/kuser/kgetcred.1 b/kuser/kgetcred.1
index 5bc576290..8f3e75d0e 100644
--- a/kuser/kgetcred.1
+++ b/kuser/kgetcred.1
@@ -164,6 +164,20 @@ same behavior as using the
 .Fl Fl canonicalize
 .Fl Fl hostbased
 options here.
+.Sh ENVIRONMENT
+.Bl -tag -width Ds
+.It Ev KRB5CCNAME
+Specifies the default credentials cache.
+.It Ev KRB5_CONFIG
+The file name of
+.Pa krb5.conf ,
+the default being
+.Pa /etc/krb5.conf .
+.It Ev KRB5_NO_TICKET_STORE
+If this variable is present in the environment, any service tickets obtained
+are not added to the credential cache. This affects all heimdal applications
+and library clients, not just kgetcred.
+.El
 .Sh SEE ALSO
 .Xr kinit 1 ,
 .Xr klist 1 ,
diff --git a/lib/krb5/context.c b/lib/krb5/context.c
index ac55408e8..34d83013c 100644
--- a/lib/krb5/context.c
+++ b/lib/krb5/context.c
@@ -179,7 +179,8 @@ init_context_from_config_file(krb5_context context)
 INIT_FIELD(context, bool, log_utc, FALSE, "log_utc");
-
+ context->no_ticket_store =
+ getenv("KRB5_NO_TICKET_STORE") != NULL;
 /* init dns-proxy slime */
 tmp = krb5_config_get_string(context, NULL, "libdefaults",
diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c
index b6fdde5c8..45da8a374 100644
--- a/lib/krb5/get_cred.c
+++ b/lib/krb5/get_cred.c
@@ -1266,6 +1266,8 @@ static void
 store_cred(krb5_context context, krb5_ccache ccache,
 krb5_const_principal server_princ, krb5_creds *creds)
 {
+ if (context->no_ticket_store)
+ return;
 if (!krb5_principal_compare(context, creds->server, server_princ) &&
 !krb5_principal_is_krbtgt(context, server_princ)) {
 krb5_principal tmp_princ = creds->server;
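Review bot: In lib/krb5/context.c, the new `getenv("KRB5_NO_TICKET_STORE")` in init_context_from_config_file is read unconditionally, so a set-uid or otherwise privileged program linked against the library takes this setting from whatever environment its invoker supplies. The visible effect is limited to suppressing credential-cache writes, so every request goes back to the KDC, but library settings taken from the environment are normally gated on the process not being set-uid; with roken's helper that would be `context->no_ticket_store = !issuid() && getenv("KRB5_NO_TICKET_STORE") != NULL;`. Presence alone enables the flag, so `KRB5_NO_TICKET_STORE=0` or an empty value also turns storing off; that matches the man page wording but deserves a one-line comment at the assignment. The function body continues outside the hunk.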
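Review bot: In lib/krb5/get_cred.c, the early `return` added at the top of store_cred carries no comment and may skip more than the man page describes. The condition just below tests `krb5_principal_is_krbtgt(context, server_princ)`, which suggests krbtgt credentials also pass through this function and would no longer be cached when the flag is set. If that is intended, say so at the check, e.g. `/* KRB5_NO_TICKET_STORE set: cache nothing obtained here, krbtgt included */`; if only service tickets should be skipped, the test needs narrowing. Any path that calls krb5_cc_store_cred directly instead of store_cred would not honour the flag; none is visible in this hunk, so that is worth confirming. store_cred's body continues outside the hunk.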
diff --git a/lib/krb5/krb5_locl.h b/lib/krb5/krb5_locl.h
index d188ee73f..08e121c98 100644
--- a/lib/krb5/krb5_locl.h
+++ b/lib/krb5/krb5_locl.h
@@ -247,6 +247,7 @@ typedef struct krb5_context_data {
 krb5_boolean scan_interfaces; /* `ifconfig -a' */
 krb5_boolean srv_lookup; /* do SRV lookups */
 krb5_boolean srv_try_txt; /* try TXT records also */
+ krb5_boolean no_ticket_store; /* Don't store service tickets */
 int32_t fcache_vno; /* create cache files w/ this version */
 int num_kt_types; /* # of registered keytab types */
-- 
2.11.4.GIT