[32885] in Kerberos
Re: multiple principals in one cache?
daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Nov 10 18:37:36 2010
From: Russ Allbery <rra@stanford.edu>
To: Abe Singer <abe@ligo.caltech.edu>, kerberos@mit.edu
In-Reply-To: <201011102329.oAANTVZx025595@hedwig.cmf.nrl.navy.mil> (Ken
Hornstein's message of "Wed, 10 Nov 2010 18:29:30 -0500")
Date: Wed, 10 Nov 2010 15:37:31 -0800
Message-ID: <87iq04n41w.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
> - Play some games with credential caches. Have two simultaneous credential
> caches and switch between them via changing environment variables.
> - Use a Mac, which already has support for this. Although what IT does is
> a little bit funky: it keeps the tickets for the different principals
> around in another credential cache, so the tickets for user@REALM-1
> are segregated from the tickets for user@REALM-2 (see the -A option
> to klist and kswitch under MacOS X). But it works and is probably
> the most reasonable option that I know, given all of the issues that
> are involved with it.
> Most people I know pick the second option.
Note that these two options are essentially identical, with kswitch on
UNIX being implemented as "change your KRB5CCNAME environment variable."
The second option (the first one I quote above) is basically a buggy
version of the third option.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
