  1. OpenDJ
  2. OPENDJ-1129

Usage of /tmp for loginXXXXconf for GSSAPI SASL is a bad place

    Details

      Description

      OpenDJ 2.4.6, at least, stores data in a /tmp/loginXXXXXconf file at server start time. It relies on this file for the duration of the server process(es).

      Per Ludovic:

      The Java GSSAPI SASL Handler uses many parts of Java and the OS, and relies on properties and configuration files to work.
      When the mechanism is started, some parameters are stored in a temporary config file (and its location depends on the temp directory).
      While the server is running, the file is used for each authentication.

      Many OSes come with cron jobs that clean out old files from /tmp.

      Eventually, this SASL GSSAPI temp file gets removed and all GSSAPI authentication to the directory server stops functioning.

      The workaround is to remove OS cron jobs that clean /tmp, then restart the server.
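
      A monitoring check for the failure mode described in this issue, added here as an example; it is not part of OpenDJ or of the original report. The function name `check_gssapi_conf`, the warning age, and the idea that the cleaner selects files by modification time are assumptions; the `login*conf` pattern follows the `/tmp/loginXXXXXconf` name given above.

```shell
#!/bin/sh
# Added example: warn before a /tmp cleaner removes the GSSAPI SASL temp config,
# and alert once the file is gone.
# Assumptions (not from the issue): the server is running with GSSAPI enabled,
# the cleaner picks files by modification time, and WARN_DAYS is set below the
# cleaner's own age threshold on this host.
#
# Usage: check_gssapi_conf [TEMP_DIR] [WARN_DAYS]
# Exit codes follow the common monitoring-plugin convention:
#   0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN
check_gssapi_conf() {
    dir=${1:-/tmp}
    warn_days=${2:-7}

    if [ ! -d "$dir" ]; then
        echo "UNKNOWN: $dir is not a directory"
        return 3
    fi

    # Count candidate files in the top level of the temp directory only.
    total=$(find "$dir" -maxdepth 1 -type f -name 'login*conf' | wc -l | tr -d ' ')
    if [ "$total" -eq 0 ]; then
        # The state the issue describes: the file is gone and GSSAPI
        # authentication stops functioning until the server is restarted.
        echo "CRITICAL: no login*conf file in $dir"
        return 2
    fi

    # Files not modified for more than WARN_DAYS days are candidates for removal
    # by an age-based cleaner.
    stale=$(find "$dir" -maxdepth 1 -type f -name 'login*conf' \
                 -mtime +"$warn_days" | wc -l | tr -d ' ')
    if [ "$stale" -gt 0 ]; then
        echo "WARNING: $stale of $total login*conf file(s) in $dir older than $warn_days days"
        return 1
    fi

    echo "OK: $total login*conf file(s) in $dir, none older than $warn_days days"
    return 0
}
```

      Run `check_gssapi_conf /tmp 7` from the host's monitoring agent, with the second argument lower than the age at which the local cleaner deletes files.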

            People

            • Assignee:
              ludo Ludovic Poitou
              Reporter:
              jblaine jblaine
              Dev Assignee:
              Ludovic Poitou