[36697] in Kerberos
Re: how to set default TGT file path
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Sun Dec 28 18:09:28 2014
Date: Sun, 28 Dec 2014 18:09:03 -0500 (EST)
From: Benjamin Kaduk <kaduk@mit.edu>
To: steve <steve@steve-ss.com>
In-Reply-To: <549AF282.1060104@steve-ss.com>
Message-ID: <alpine.GSO.1.10.1412281806400.23489@multics.mit.edu>
Cc: kerberos@mit.edu
On Wed, 24 Dec 2014, steve wrote:

> On 24/12/14 09:45, Peng Hu PH Pei wrote:
> >
> > Put in krb5.conf and run kinit, the TGT is still in /tmp/:
> >
> >      [libdefaults]
> >      default_ccache_name = FILE:/var/tmp/krb5cc_%{euid}
> Hi
> I think that should be:
> default_ccache_name = /var/tmp/krb5cc_%{uid}

The type prefix is used, if set; the default is currently to FILE:, but
might conceivably change in the future if someone decides that gratuitous
breakage is a good idea.

> But I don't think we do it in userspace these days. There is a keyring
> cache in the kernel. I think that's what you need.

It's far from clear that the KEYRING: cache type is desired here, and even
if it is, the userspace settings still need to be present just as they
would be for, e.g., a FILE: cache type.

A residual KRB5CCNAME in the environment of the OP's shell might explain
the symptoms; the KRB5_TRACE output from kinit would be useful to see
what's going on.

-Ben Kaduk
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
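
The lookup order discussed in the message above, as an added example that is not part of the original thread or of MIT krb5's own code: a shell helper that reports whether KRB5CCNAME, krb5.conf, or the built-in default decides the cache name. The function names are hypothetical, the built-in default of FILE:/tmp/krb5cc_%{uid} is an assumption (it is set at build time), and the krb5.conf parser is simplified.

```shell
#!/bin/sh
# Added example (not from the thread): predict which ccache kinit will use.
# Precedence in MIT krb5: KRB5CCNAME, then default_ccache_name in
# [libdefaults], then the build-time default.
# Assumption: the build-time default is FILE:/tmp/krb5cc_%{uid}.
BUILTIN_CCNAME='FILE:/tmp/krb5cc_%{uid}'

# Print default_ccache_name from [libdefaults] of file $1 (empty if unset).
# Simplified parser: include/includedir directives are not followed.
conf_ccache_name() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*\[/ { in_ld = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_ld && /^[ \t]*default_ccache_name[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }' "$1"
}

# Expand %{uid} and %{euid} (other tokens are left alone) and add the FILE:
# type when the name carries no type prefix.
expand_ccache_name() {
    name=$(printf '%s' "$1" |
        sed -e "s/%{uid}/$(id -ru)/g" -e "s/%{euid}/$(id -u)/g")
    case $name in
        /*)  printf 'FILE:%s\n' "$name" ;;   # absolute path, no type given
        *:*) printf '%s\n' "$name" ;;        # TYPE:residual
        *)   printf 'FILE:%s\n' "$name" ;;
    esac
}

# Print "<source> <ccache name>" for krb5.conf path $1 (default /etc/krb5.conf).
effective_ccache() {
    conf=${1:-/etc/krb5.conf}
    if [ -n "${KRB5CCNAME:-}" ]; then
        # The environment wins and overrides krb5.conf; printed as set.
        printf 'KRB5CCNAME %s\n' "$KRB5CCNAME"
        return 0
    fi
    val=$(conf_ccache_name "$conf")
    if [ -n "$val" ]; then
        printf 'krb5.conf %s\n' "$(expand_ccache_name "$val")"
    else
        printf 'builtin %s\n' "$(expand_ccache_name "$BUILTIN_CCNAME")"
    fi
}

# Usage: effective_ccache /etc/krb5.conf
# Then confirm against the library: KRB5_TRACE=/dev/stderr kinit
```

If the first word printed is KRB5CCNAME, unset that variable in the shell before re-running kinit; the trace output shows which cache the library actually resolved.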