[36409] in Kerberos
Re: Multiple principals from different realms via kinit?
daemon@ATHENA.MIT.EDU (Simo Sorce)
Thu Aug 28 09:32:03 2014
Message-ID: <1409232667.6483.31.camel@willson.usersys.redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Cedric Blancher <cedric.blancher@gmail.com>
Date: Thu, 28 Aug 2014 09:31:07 -0400
In-Reply-To: <CALXu0UdrcP-EA3ZXXoiLkX0mimL3ZpWo5Laso_87xxAgHiPA6w@mail.gmail.com>
Mime-Version: 1.0
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Thu, 2014-08-28 at 14:36 +0200, Cedric Blancher wrote:
> On 27 August 2014 18:16, Benjamin Kaduk <kaduk@mit.edu> wrote:
> > On Wed, 27 Aug 2014, ольга крыжановская wrote:
> >
> >> How can I use multiple principals from different realms via kinit?
> >>
> >> I tried:
> >> kinit fleyta@WARONTERROR.COM
> >> ...
> >> klist shows tgt for fleyta@WARONTERROR.COM
> >
> > klist -A shows tickets in all caches in the collection, not just the
> > current cache (as klist without -A does). You'll generally want to be
> > using a collection-enabled cache type such as DIR: or a post-1.12 KEYRING:
> > in order to get the best behavior when using multiple client principals.
> >
> > As mentioned already, kswitch is also useful in these situations.
>
> How do services like NFSv4, HTTP/spnego or GSSAPI know which of the
> entries is the one they want?
They'll make a guess based on the realm, or pick the primary.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
