[37149] in Kerberos

home help back first fref pref prev next nref lref last post

Re: kerberos ticket cache

daemon@ATHENA.MIT.EDU (Brandon Allbery)
Fri Jul 10 09:54:44 2015

From: Brandon Allbery <ballbery@sinenomine.net>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Fri, 10 Jul 2015 13:52:51 +0000
Message-ID: <1436536370.21172.1.camel@vikktakkht>
In-Reply-To: <EE01C89A84021A42A2D65A1C683626F9848BAFBF@OC11expo28.exchange.mit.edu>
Content-Language: en-US
Content-ID: <742FCD68352B5349A42D7A5ACF19FFB9@mex05.mlsrvr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Fri, 2015-07-10 at 08:37 +0000, Andrew Levin wrote:
> I have noticed that even after I delete my kerberos ticket cache, as
> below, I remain authenticated (eg I can open files in an area where
> kerberos authentication is required). How is this possible?

There is a procedure called "aklog" which registers your ticket with the
kernel (AFS calls this a token) so that it can be used to authenticate
network operations. Removing the userspace ticket cache does not affect
this kernel token.

You can use "unlog" to unregister the token, or "tokens" to see what
tokens you have registered (you can have one per AFS cell).

-- 
brandon s allbery kf8nh                           sine nomine associates
allbery.b@gmail.com                              ballbery@sinenomine.net
unix openafs kerberos infrastructure xmonad        http://sinenomine.net

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post