The GitHub Actions job "Tests (AMD)" on airflow.git/docs/kerberos-ccache-non-tmp has succeeded. Run started by GitHub user potiuk (triggered by potiuk).
Head commit for run: 743ec9c9cf96355254c768f78bcd09938aaae0a6 / Jarek Potiuk <[email protected]> Warn against world-accessible Kerberos ccache default in docs The Kerberos integration docs ship a default ccache path of `/tmp/airflow_krb5_ccache`, which sits in a world-readable directory on most Unix systems and would let any other local user on the host read or modify the Airflow service principal's credential cache. Add a warning recommending a non-world-accessible directory (a per-service runtime dir like `/run/airflow/krb5_ccache` or a private user-scoped location) and `chmod 0700` on the parent — mirroring the guidance the docs already give for the keytab. Reported by the L3 ASVS sweep at apache/tooling-agents#23 (FINDING-175). Report URL: https://github.com/apache/airflow/actions/runs/26000743637 With regards, GitHub Actions via GitBox --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
