[19706] in Kerberos
Re: Can credentials from different realms be put in the same
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Thu Jul 31 11:23:29 2003
Message-ID: <3F2933FB.F296EA30@anl.gov>
Date: Thu, 31 Jul 2003 10:21:31 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: Grace Tsai <gtsai@bnl.gov>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: kerberos questions <kerberos@mit.edu>
Errors-To: kerberos-bounces@mit.edu
Grace Tsai wrote:
>
> Hi,
>
> We have three different realms listed in our krb5.conf file.
> How can we let users keep credentials given by different realms
> into the same /tmp/krb5cc_<uid> file?
If they do cross realm, the user gets one TGT, and uses it against the
different servers. The cross realm TGTs and the service tickets will endup
in the same cache.
If there is no cross realm, then the user will need to get multiple
TGTs and each will need to be in a seperate cache.
You can set the KRB5CCNAME= to point to the active cache
and reset it before doing some operation which needs a different
cache.
I have an alias setup to do this:
alias k5cc 'setenv KRB5CCNAME FILE:/tmp/krb5cc_dee.\!:1'
>
> Thanks in advance.
>
> Grace
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
