1 files changed, 15 insertions, 2 deletions

diff --git a/auth-krb5.c b/auth-krb5.c
index a5a81ed2e..38e7fee21 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -182,8 +182,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 
         len = strlen(authctxt->krb5_ticket_file) + 6;
         authctxt->krb5_ccname = xmalloc(len);
+#ifdef USE_CCAPI
+        snprintf(authctxt->krb5_ccname, len, "API:%s",
+            authctxt->krb5_ticket_file);
+#else
         snprintf(authctxt->krb5_ccname, len, "FILE:%s",
             authctxt->krb5_ticket_file);
+#endif
 
 #ifdef USE_PAM
         if (options.use_pam)
@@ -240,15 +245,22 @@ krb5_cleanup_proc(Authctxt *authctxt)
 #ifndef HEIMDAL
 krb5_error_code
 ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
-        int tmpfd, ret, oerrno;
+        int ret, oerrno;
         char ccname[40];
         mode_t old_umask;
+#ifdef USE_CCAPI
+        char cctemplate[] = "API:krb5cc_%d";
+#else
+        char cctemplate[] = "FILE:/tmp/krb5cc_%d_XXXXXXXXXX";
+        int tmpfd;
+#endif
 
         ret = snprintf(ccname, sizeof(ccname),
-            "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
+            cctemplate, geteuid());
         if (ret < 0 || (size_t)ret >= sizeof(ccname))
                 return ENOMEM;
 
+#ifndef USE_CCAPI
         old_umask = umask(0177);
         tmpfd = mkstemp(ccname + strlen("FILE:"));
         oerrno = errno;
@@ -265,6 +277,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
                 return oerrno;
         }
         close(tmpfd);
+#endif
 
         return (krb5_cc_resolve(ctx, ccname, ccache));
 }