1 files changed, 15 insertions, 2 deletions

diff --git a/auth-krb5.c b/auth-krb5.c
index 868288126..38164fda8 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -166,8 +166,13 @@ auth_krb5_password(Authctxt *authctxt, const char *password)
 
         len = strlen(authctxt->krb5_ticket_file) + 6;
         authctxt->krb5_ccname = xmalloc(len);
+#ifdef USE_CCAPI
+        snprintf(authctxt->krb5_ccname, len, "API:%s",
+            authctxt->krb5_ticket_file);
+#else
         snprintf(authctxt->krb5_ccname, len, "FILE:%s",
             authctxt->krb5_ticket_file);
+#endif
 
 #ifdef USE_PAM
         if (options.use_pam)
@@ -219,15 +224,22 @@ krb5_cleanup_proc(Authctxt *authctxt)
 #ifndef HEIMDAL
 krb5_error_code
 ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
-        int tmpfd, ret;
+        int ret;
         char ccname[40];
         mode_t old_umask;
+#ifdef USE_CCAPI
+        char cctemplate[] = "API:krb5cc_%d";
+#else
+        char cctemplate[] = "FILE:/tmp/krb5cc_%d_XXXXXXXXXX";
+        int tmpfd;
+#endif
 
         ret = snprintf(ccname, sizeof(ccname),
-            "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
+            cctemplate, geteuid());
         if (ret < 0 || (size_t)ret >= sizeof(ccname))
                 return ENOMEM;
 
+#ifndef USE_CCAPI
         old_umask = umask(0177);
         tmpfd = mkstemp(ccname + strlen("FILE:"));
         umask(old_umask);
@@ -242,6 +254,7 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) {
                 return errno;
         }
         close(tmpfd);
+#endif
 
         return (krb5_cc_resolve(ctx, ccname, ccache));
 }