[32888] in Kerberos
Re: multiple principals in one cache?
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Wed Nov 10 18:48:21 2010
Message-Id: <201011102348.oAANmEiW025749@hedwig.cmf.nrl.navy.mil>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: <kerberos@mit.edu>
In-Reply-To: <1289432083.2633.1148.camel@ray>
Date: Wed, 10 Nov 2010 18:48:14 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>* The krb5 GSS mech insists that the cache's default principal matches
>the client name, not just that the cache contains an appropriate ticket.
It's not just the GSS mech that does this, though ... every raw Kerberos
program I've ever seen does the exact same thing. Unless you allow your
program to specify the client principal, I'm not sure what else you could do.
>You can produce a ccache with multiple client principals using ksu.
Didn't know about that; good to know! Although ... huh, I'm looking
at the man page for ksu (probably the ONE Kerberos program I've never
run), and my question is: how, exactly, do you do that?
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
