s4-credentials Allow use of file-based credentials caches for debugging.

This means that we will leave a slew of file based credentials caches
in /tmp, which should give some clues to the administrator or
developer via klist as to what has gone wrong.

Andrew Bartlett

diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index bfba1679f74671e043d6007dc4854b5f7b1fd9be..aba010453d7670ecdca723d9638c4ac32ed7b55a 100644 (file)
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -235,9 +235,15 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
 
        if (!ccache_name) {
                must_free_cc_name = true;
-               ccache_name = talloc_asprintf(ccc, "MEMORY:%p", 
-                                             ccc);
-               
+
+               if (lpcfg_parm_bool(lp_ctx, NULL, "credentials", "krb5_cc_file", false)) {
+                       ccache_name = talloc_asprintf(ccc, "FILE:/tmp/krb5_cc_samba_%u_%p", 
+                                                     (unsigned int)getpid(), ccc);
+               } else {
+                       ccache_name = talloc_asprintf(ccc, "MEMORY:%p", 
+                                                     ccc);
+               }
+
                if (!ccache_name) {
                        talloc_free(ccc);
                        (*error_string) = strerror(ENOMEM);