[31908] in Kerberos
Re: Kerberos syncrepl support for OpenLDAP
daemon@ATHENA.MIT.EDU (Russ Allbery)
Tue Jan 12 16:32:41 2010
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <4b4cd727$0$1958$e4fe514c@dreader16.news.xs4all.nl> (Jaap
Winius's message of "12 Jan 2010 20:10:15 GMT")
Date: Tue, 12 Jan 2010 13:32:35 -0800
Message-ID: <87k4vnj9fw.fsf@windlord.stanford.edu>

Jaap Winius <jwinius@umrk.nl> writes:

> Excellent! My new k5start command, which can be executed as root, looks
> like this:
>
>     k5start -U -f /etc/krb5.keytab -b -K 10 -l 24h \
>         -k /tmp/krb5cc_105 -o openldap
>
> I also found out that the name of the credential cache (/tmp) file is
> not arbitrary. In particular, the file name must end with the UID number
> of the user that it's for, in my case the openldap user with UID=105. At
> least, that's the way it works on Debian lenny.

It's arbitrary *if* you set KRB5CCNAME to point to the ticket cache.
Otherwise, yes, you want to make it match the default ticket cache name.

> Incidentally, with kstart 3.15, if the -o flag is used without -k, a
> segfault and a core dump will be the result.

Yeah, will be fixed in 3.16.  Sorry about that.

--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
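
An added example, not part of the original message or of kstart: a shell check that resolves which FILE: ticket cache a client would use (KRB5CCNAME if set, otherwise the /tmp/krb5cc_UID default discussed above) and verifies that the file is a regular file owned by the expected UID with no group or other access. The function names are hypothetical, GNU stat is assumed, and only FILE: caches are handled.

```shell
#!/bin/sh
# Added example; function names are hypothetical, GNU stat(1) is assumed.

# default_ccache UID: the default FILE: cache path, /tmp/krb5cc_UID.
default_ccache() {
    printf '/tmp/krb5cc_%s\n' "$1"
}

# resolve_ccache UID: KRB5CCNAME (with any FILE: prefix stripped) if it is
# set, otherwise the default path for UID. Other cache types are not handled.
resolve_ccache() {
    if [ -n "${KRB5CCNAME:-}" ]; then
        printf '%s\n' "${KRB5CCNAME#FILE:}"
    else
        default_ccache "$1"
    fi
}

# check_ccache PATH UID: return 0 only if PATH is a regular file (not a
# symlink), is owned by UID, and grants nothing to group or other.
check_ccache() {
    path=$1
    uid=$2
    [ -L "$path" ] && { echo "$path: is a symlink" >&2; return 1; }
    [ -f "$path" ] || { echo "$path: missing or not a regular file" >&2; return 1; }
    owner=$(stat -c %u "$path") || return 1
    mode=$(stat -c %a "$path") || return 1
    [ "$owner" = "$uid" ] || { echo "$path: owner $owner, expected $uid" >&2; return 1; }
    # stat prints the mode in octal; the leading 0 makes the shell read it so.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$path: mode $mode allows group/other access" >&2
        return 1
    fi
    return 0
}

# Usage for the setup in this thread (UID 105 is the openldap user there):
#   check_ccache "$(resolve_ccache 105)" 105
```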