[36531] in Kerberos


documentation on how to set $KRB5CCNAME for kerberized/gssapi

daemon@ATHENA.MIT.EDU (Natxo Asenjo)
Thu Oct 9 17:10:29 2014

Date: Thu, 9 Oct 2014 23:10:17 +0200
Message-ID: <CAHBEJzXEU4qkMdEaaKaeL=-CuG+vJVz7qvmcTAYc=ZmNd+h3cg@mail.gmail.com>
From: Natxo Asenjo <natxo.asenjo@gmail.com>
To: kerberos@mit.edu

Hi,

When implementing rsyslog with gssapi
(http://www.rsyslog.com/doc/gssapi.html) I came across the issue
that the rsyslog software expects the credentials cache of the host
principal in /tmp/krb5cc_0; the CentOS 6.5 hosts joined to a FreeIPA
kerberos domain save that to /var/tmp/host_0 .

I tried setting this:

KRB5CCNAME='/var/tmp/host_0'

or variations on that (double inverted commas, no commas) in
/etc/sysconfig/rsyslog which is the place where one expects to declare
such a variable in Red Hat/CentOS systems because that file is sourced
by the init script of rsyslog. But unfortunately rsyslog kept
requesting the /tmp/krb5cc_0 file. Copying /var/tmp/host_0 over
/tmp/krb5cc_0 solves this problem and then one can relay syslog
messages using kerberos authentication, but it is not really elegant.

So I asked on the rsyslog list and its main developer asked me what
function should be called to implement the KRB5CCNAME variable for
that application. Could you give me any pointers so that he can
implement that for rsyslog?

Thanks in advance.
--
regards,
natxo
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
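
Added example, not part of the original message: a shell check of whether a KRB5CCNAME assignment in a sourced file such as /etc/sysconfig/rsyslog reaches the environment of the process started afterwards, since a shell variable that is assigned but not exported is not inherited by child processes. The function names and the temporary files are constructed for the demonstration; it tests only the environment, not how the library then resolves the cache.

```shell
#!/bin/sh
# Constructed demo: a sysconfig-style file is sourced by a script, which then
# starts a child process (a stand-in for the daemon).

# child_sees_ccname FILE
# Sources FILE in a clean subshell and prints the KRB5CCNAME value that a
# child process inherits (prints nothing if the variable was not exported).
child_sees_ccname() {
    (
        unset KRB5CCNAME            # ignore whatever the caller had set
        . "$1"                      # what the init script does with the file
        sh -c 'printf "%s" "${KRB5CCNAME:-}"'
    )
}

# proc_env_value PID NAME
# Linux only: prints the value of NAME in the environment a running process
# was started with, read from /proc/PID/environ (needs permission to read it).
# Example on a live host: proc_env_value "$(pidof rsyslogd)" KRB5CCNAME
proc_env_value() {
    tr '\0' '\n' < "/proc/$1/environ" | sed -n "s/^$2=//p"
}

# Two constructed sysconfig-style files: assignment only, and assignment
# followed by export.
demo_dir=$(mktemp -d)
printf "KRB5CCNAME='/var/tmp/host_0'\n" > "$demo_dir/plain"
printf "KRB5CCNAME='/var/tmp/host_0'\nexport KRB5CCNAME\n" > "$demo_dir/exported"

echo "assignment only : child sees '$(child_sees_ccname "$demo_dir/plain")'"
echo "with export     : child sees '$(child_sees_ccname "$demo_dir/exported")'"

rm -rf "$demo_dir"
```
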
