[36408] in Kerberos
Re: Multiple principals from different realms via kinit?
daemon@ATHENA.MIT.EDU (Cedric Blancher)
Thu Aug 28 08:37:07 2014
MIME-Version: 1.0
In-Reply-To: <alpine.GSO.1.10.1408271214580.21571@multics.mit.edu>
Date: Thu, 28 Aug 2014 14:36:00 +0200
Message-ID: <CALXu0UdrcP-EA3ZXXoiLkX0mimL3ZpWo5Laso_87xxAgHiPA6w@mail.gmail.com>
From: Cedric Blancher <cedric.blancher@gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 27 August 2014 18:16, Benjamin Kaduk <kaduk@mit.edu> wrote:
> On Wed, 27 Aug 2014, ольга крыжановская wrote:
>
>> How can I use multiple principals from different realms via kinit?
>>
>> I tried:
>> kinit fleyta@WARONTERROR.COM
>> ...
>> klist shows tgt for fleyta@WARONTERROR.COM
>
> klist -A shows tickets in all caches in the collection, not just the
> current cache (as klist without -A does). You'll generally want to be
> using a collection-enabled cache type such as DIR: or a post-1.12 KEYRING:
> in order to get the best behavior when using multiple client principals.
>
> As mentioned already, kswitch is also useful in these situations.
How do services like NFSv4, HTTP/spnego or GSSAPI know which of the
entries is the one they want?
Ced
--
Cedric Blancher <cedric.blancher@gmail.com>
Institute Pasteur
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
