[pbs-devel] [PATCH backup v3 1/2] http_client: store tickets in the user's config directory
Thomas Lamprecht
t.lamprecht at proxmox.com
Fri Apr 18 14:46:18 CEST 2025
On 16.04.25 at 14:56, Maximiliano Sandoval wrote:
> The environment variable XDG_RUNTIME_DIR is only set if the user is
> logged into a seat. If, for example, the backup client was run with
> `sudo` then the ticket would not be stored.
>
> By storing the ticket in the user's configuration directory, it can be
> reused later if the user logs out.

Hmm, but XDG_CONFIG_HOME does not have to point to ~/.config, so is
this really solving the problem?

Would it maybe be nicer to keep the default in XDG_RUNTIME_DIR and
fall back to some other mechanism, like kernel keyring or alternatively
maybe systemd creds?

The [keyrings manpage] description would make it seem like an ideal
candidate for such things:

"The Linux key-management facility is primarily a way for various
kernel components to retain or cache security data, authentication
keys, encryption keys, and other data in the kernel."

I.e., the ticket _is_ security data and an authentication key that
needs to be cached. One can even set an expiry time for such keys.

[keyrings manpage]: https://manpages.debian.org/bookworm/manpages/keyrings.7.en.html

> Since the tickets are only valid for a limited time, it is not a problem
> if this file is not automatically cleaned.

But that's also why it certainly isn't a config, so feels IMO also
wrong besides above point about this being rather a lateral move.
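
The "keep XDG_RUNTIME_DIR as the default, fall back otherwise" decision discussed in this thread, sketched as an added example that is not part of the original message or of the proxmox-backup code. The names `TicketStore`, `select_store` and the subdirectory `proxmox-backup-example` are hypothetical, and reading the uid from `/proc/self` is a Linux-only assumption used to stay within the standard library.

```rust
use std::fs;
use std::os::unix::fs::MetadataExt;
use std::path::{Path, PathBuf};

/// Where a ticket cache may live (hypothetical type, not from proxmox-backup).
#[derive(Debug, PartialEq)]
pub enum TicketStore {
    /// Per-login directory that goes away when the user fully logs out.
    RuntimeDir(PathBuf),
    /// No usable runtime dir: the caller has to use another mechanism
    /// (the thread suggests the kernel keyring or systemd creds).
    Fallback,
}

/// Decide the store from the value of XDG_RUNTIME_DIR and the caller's uid.
/// The directory is accepted only if it is absolute, a real directory,
/// owned by `uid` and has mode 0700, as the XDG base directory spec requires.
pub fn select_store(runtime_dir: Option<&str>, uid: u32) -> TicketStore {
    let Some(dir) = runtime_dir.map(Path::new) else {
        // Unset, e.g. when run through sudo or outside a login session.
        return TicketStore::Fallback;
    };
    if !dir.is_absolute() {
        return TicketStore::Fallback;
    }
    // symlink_metadata: a symlink planted at the path is not followed.
    match fs::symlink_metadata(dir) {
        Ok(m) if m.is_dir() && m.uid() == uid && m.mode() & 0o777 == 0o700 => {
            // Hypothetical subdirectory name for the ticket file.
            TicketStore::RuntimeDir(dir.join("proxmox-backup-example"))
        }
        // Wrong owner, group/world access, or missing: do not write secrets there.
        _ => TicketStore::Fallback,
    }
}

fn main() {
    let env = std::env::var("XDG_RUNTIME_DIR").ok();
    // Assumption: /proc/self is owned by the uid of the current process.
    let uid = fs::metadata("/proc/self").map(|m| m.uid()).unwrap_or(u32::MAX);
    println!("{:?}", select_store(env.as_deref(), uid));
}
```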