[32903] in Kerberos
Re: multiple principals in one cache?
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Nov 15 13:43:07 2010
From: Greg Hudson <ghudson@mit.edu>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
In-Reply-To: <201011102348.oAANmEiW025749@hedwig.cmf.nrl.navy.mil>
Date: Mon, 15 Nov 2010 13:42:56 -0500
Message-ID: <1289846576.2633.1171.camel@ray>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wed, 2010-11-10 at 18:48 -0500, Ken Hornstein wrote:
> >You can produce a ccache with multiple client principals using ksu.
>
> Didn't know about that; good to know! Although ... huh, I'm looking
> at the man page for ksu (probably the ONE Kerberos program I've never
> run), and my question is: how, exactly, do you do that?
I don't think it can be used as a general tool for this purpose, but it
does produce such a ccache as a side effect of its regular function.
For example, if I'm logged in with tickets as ghudson@ATHENA.MIT.EDU and
I ksu to root by entering the password for ghudson/root@ATHENA.MIT.EDU,
I wind up with a new ccache containing all of my old tickets (for client
principal ghudson) plus a TGT and host service ticket for client
principal ghudson/root.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
