On Wed, Aug 09, 2017 at 06:01:26PM +0000, Viktor Dukhovni wrote:
> On Wed, Aug 09, 2017 at 07:34:15PM +0200, Harald Barth wrote:
> 
> > Btw, one of my ticket caches looks like this (probably MIT library):
> > 
> >   Issued                Expires               Principal
> > Aug  5 18:06:47 2017  Aug 12 18:06:45 2017  
> > krbtgt/besserwisser....@besserwisser.org
> > Aug  5 18:06:50 2017  >>>Expired<<<         
> > imap/jaja.besserwisser....@besserwisser.org
> > Aug  6 18:35:34 2017  >>>Expired<<<         
> > imap/jaja.besserwisser....@besserwisser.org
> > Aug  8 09:08:14 2017  >>>Expired<<<         
> > imap/jaja.besserwisser....@besserwisser.org
> > Aug  9 09:12:16 2017  Aug 10 09:12:16 2017  
> > imap/jaja.besserwisser....@besserwisser.org
> > 
> > There is no reason that the expired service tickets are kept around,
> > but in this case, the code seems to keep them and append new tickets
> > at the end instead.
> 
> By design, the "FILE" credential cache type is *append-only*.  Much
> fancier read-write locking and recovery would be needed for a cache
> where entries can be deleted and replaced.

Actually, no, the FILE ccache does support deletion, certainly in
Heimdal 7.x.

Nico
-- 

Reply via email to