On Thu, Jun 09, 2011 at 11:23:14AM +0200, Jan Zelený wrote:
> > Hi,
> >
> > this patch should fix https://fedorahosted.org/sssd/ticket/888 which
> > describes a corner case where an unused ccache file with a random name
> > is not recreated during the renewal of an expired password via sshd
> > with privilege separation.
> >
> > I have tried to think of a situation where it might be a bad idea to
> > remove the on-disk ccache file but found none.
> >
> > bye,
> > Sumit
>
> Ack,
> just one minor question. Is SSS_PAM_AUTHENTICATE the only action affected
> or could this also happen in other situations (like passwd)?

No, I think SSS_PAM_AUTHENTICATE is the only place where it makes sense
to check if the ccache file can be removed. And it is only needed for the
special sshd case mentioned above. If you call passwd from the command
line you are already logged in and you want to keep the ccache file
name.

Right, it just clicked in my head. Sorry for the stupid question.
Ack again.
Jan