[32876] in Kerberos
Re: Static ticket cache name
daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Nov 10 17:13:10 2010
From: Russ Allbery <rra@stanford.edu>
To: Techie <techchavez@gmail.com>
In-Reply-To: <AANLkTikfonQkAvOAT+xT=R=f1ACAJDhetMzeU6fHxvAo@mail.gmail.com>
(Techie's message of "Wed, 10 Nov 2010 15:01:49 -0700")
Date: Wed, 10 Nov 2010 14:12:53 -0800
Message-ID: <87hbfoomje.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Techie <techchavez@gmail.com> writes:
> Hello is it possible to set a static credential cache name? For
> example force the use of krb5cc_12334.
This is not recommended because it's a potential security issue unless
you're using a non-world-writable directory in which to store your ticket
caches.
> I have a situation where there will only be one user on a box at a time
> and I want to use a static credential cache name. I tried using pam_krb5
> but it is not working. I also tried setting KRB5CCNAME and
> PAM_KRB5_CCNAME but no success. It may be that this is impossible but
> figure I would ask.
What pam_krb5 module are you using? Mine has always supported this. See
the ccache and ccache_dir configuration parameters.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
