When "no_ccache" is set as an argument to the pam_krb5 module, don't

copy the acquired TGT from the in-memory cache to the on-disk cache at login. This was documented but un-implemented behavior. MFC after: 1 week PR: bin/64464 Reported and tested by: Eric van Gyzen <vangyzen at stat dot duke dot edu>
author: rwatson <rwatson@FreeBSD.org> 2005-01-24 16:49:50 +0000
committer: rwatson <rwatson@FreeBSD.org> 2005-01-24 16:49:50 +0000
commit: 3441ac65f830a5e88b963e48060d42b04dc11194 (patch)
tree: 650dc6ed7bc36f857f7259cad0524b4989fd43d8 /lib/libpam
parent: 48c3845c46414d95447af0856f3b03dac654a416 (diff)
download: FreeBSD-src-3441ac65f830a5e88b963e48060d42b04dc11194.zip
FreeBSD-src-3441ac65f830a5e88b963e48060d42b04dc11194.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/libpam/modules/pam_krb5/pam_krb5.c b/lib/libpam/modules/pam_krb5/pam_krb5.c
index d977ea1..2cfddbc 100644
--- a/lib/libpam/modules/pam_krb5/pam_krb5.c
+++ b/lib/libpam/modules/pam_krb5/pam_krb5.c
@@ -362,6 +362,10 @@ pam_sm_setcred(pam_handle_t *pamh, int flags,
 	if (!(flags & PAM_ESTABLISH_CRED))
 		return (PAM_SERVICE_ERR);
 
+	/* If a persistent cache isn't desired, stop now. */
+	if (openpam_get_option(pamh, PAM_OPT_NO_CCACHE))
+		return (PAM_SUCCESS);
+
 	PAM_LOG("Establishing credentials");
 
 	/* Get username */
author	rwatson <rwatson@FreeBSD.org>	2005-01-24 16:49:50 +0000
committer	rwatson <rwatson@FreeBSD.org>	2005-01-24 16:49:50 +0000
commit	3441ac65f830a5e88b963e48060d42b04dc11194 (patch)
tree	650dc6ed7bc36f857f7259cad0524b4989fd43d8 /lib/libpam
parent	48c3845c46414d95447af0856f3b03dac654a416 (diff)
download	FreeBSD-src-3441ac65f830a5e88b963e48060d42b04dc11194.zip FreeBSD-src-3441ac65f830a5e88b963e48060d42b04dc11194.tar.gz