[37149] in Kerberos
Re: kerberos ticket cache
daemon@ATHENA.MIT.EDU (Brandon Allbery)
Fri Jul 10 09:54:44 2015
From: Brandon Allbery <ballbery@sinenomine.net>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Fri, 10 Jul 2015 13:52:51 +0000
Message-ID: <1436536370.21172.1.camel@vikktakkht>
In-Reply-To: <EE01C89A84021A42A2D65A1C683626F9848BAFBF@OC11expo28.exchange.mit.edu>
Content-Language: en-US
Content-ID: <742FCD68352B5349A42D7A5ACF19FFB9@mex05.mlsrvr.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Fri, 2015-07-10 at 08:37 +0000, Andrew Levin wrote:
> I have noticed that even after I delete my kerberos ticket cache, as
> below, I remain authenticated (eg I can open files in an area where
> kerberos authentication is required). How is this possible?
There is a procedure called "aklog" which registers your ticket with the
kernel (AFS calls this a token) so that it can be used to authenticate
network operations. Removing the userspace ticket cache does not affect
this kernel token.
You can use "unlog" to unregister the token, or "tokens" to see what
tokens you have registered (you can have one per AFS cell).
--
brandon s allbery kf8nh sine nomine associates
allbery.b@gmail.com ballbery@sinenomine.net
unix openafs kerberos infrastructure xmonad http://sinenomine.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos