alexal
commented
4 years ago Related to https://github.com/SSSD/sssd/issues/3593
Closed sssd-bot closed 4 years ago
alexal
commented
4 years ago Related to https://github.com/SSSD/sssd/issues/3593
pbrezina
commented
4 years ago It actually seems to be a duplicate of https://github.com/SSSD/sssd/issues/3593
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2992
Steps to reproduce:
Observed on RHEL-7
Comments
Comment from dpal at 2016-04-18 14:08:32
I remember we discussed it at some point. I know this is how things worked before SSSD but why is it an expectation that the cache should be cleaned?
Comment from jhrozek at 2016-04-18 14:49:02
I would say it was more important back when ccaches were stored on disk. pam_krb5 used to offer this option. But since we are using keyring now, then the ccaches are only accessible by root or by the UID of the user.
Comment from ondrejv2 at 2016-04-19 13:40:16
I think it might be less critical now, but I believe it is still important. Imagine a malicious user gets root access to the machine - he could easily steal network identity of the user who has logged out few hours ago.
Comment from jhrozek at 2016-04-27 17:00:55
If a user gets root on the machine, he can install a keylogger.
This is a bug, but it's fine to fix it in the next version.
milestone: NEEDS_TRIAGE => SSSD 1.15 beta
Comment from ondrejv2 at 2016-04-27 17:19:58
agreed
Comment from jhrozek at 2016-05-26 10:14:28
Fields changed
rhbz: => todo
Comment from ondrejv2 at 2017-02-24 14:34:18
Metadata Update from @ondrejv2:
Comment from jhrozek at 2018-02-13 22:49:20
Metadata Update from @jhrozek:
Comment from thalman at 2020-03-13 11:46:26
Metadata Update from @thalman: