Description
GssapiDelegCcacheUnique has a nasty not that users need to come up with a way to monitor and clear of old caches the ccache directory. We also provide a sweeper.py utility in the contrib/ section.
However these solutions are suboptimal as bust of activity (or unintentional DoS) can end up wasting and potentially filling up disk space before the sweeper is scheduled to run.
A more integrated solution could use an on disk or in memory database to track and limit (quota) the number of ccaches stored on disk per user (or in general) so that resource usage can be more efficiently contained.
Apache provides a module called mod_watchdog that can be used for periodic sweep an cleanup, and additionally the main module can enforce quotas on caches my keeping track of the ccaches created per principal and deleting older or unused ones when quota is reached.