Alec Warner <732...@bugs.launchpad.net> writes: > When creating a new ticket cache libpam-krb5 stashes the cache in a > temporary location;
> api-auth.c: pamret = pamk5_cache_init_random(args, creds); > api-password.c: pamret = pamk5_cache_init_random(args, creds); > in cache.c: pamk5_cache_init_random: > char cache_name[] = "/tmp/krb5cc_pam_XXXXXX"; > /* Store the obtained credentials in a temporary cache. */ > pamret = pamk5_cache_mkstemp(args, cache_name); > if (pamret != PAM_SUCCESS) > return pamret; > If /tmp is full this call fails and the entire pam stack will fail. > When the rootfs is full users kind of expect to be able to do normal > operations such as unlocking their screen or using sudo to gain root > access to delete files. Well, those are going to fail anyway unless you've configured something other than the default location for storing the final ticket cache, since the default location for it is also in /tmp. Usually systems are pretty unhappy if there's absolutely no room left in /tmp, and note that root logins or anything that's setuid (like sudo) get to use root's additional margin of free space, if you didn't disable that when you built the filesystem. But sure, I see what you're saying. > It would be nice if we could control where the tempfile was written in > /etc/krb5.conf like many of the other pam options. Yeah, I can do that. I'll try to get that into the next upstream release. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/732990 Title: libpam-krb5 writes to /tmp, does not work when disk is full. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
