[39616] in Kerberos
Re: krb5ccmachine
daemon@ATHENA.MIT.EDU (Christian, Mark)
Mon Apr 27 10:16:35 2026
From: "Christian, Mark" <mark.christian@intel.com>
CC: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Mon, 27 Apr 2026 14:16:15 +0000
Message-ID: <bdfd7ab3a1a76bbd5abb3ae219c5cebce8d2621a.camel@intel.com>
In-Reply-To: <-y-c4c5KAx_sZy5JJOgjg4ztnCM4RurxFAKV-mHiZrmNsG7BpEG2DihwKp5vPzpIus5Gx79JI4X7_RurezUzBunJXIJk1KCI4RUBIp2yujc=@protonmail.com>
Content-Language: en-US
Content-ID: <7A4F7C5268E8364A96B44FE41F40B926@namprd11.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Mon, 2026-04-27 at 04:38 +0000, Marek Greško wrote:
> Hello,
>
> the
> kinit -c /tmp/krb5ccmachine_EXAMPLE.COM
> asks for password. Which password? What should I expect thereafter to
> happen?
Sorry I meant for you to use klist, not kinit:
% klist -c /tmp/krb5ccmachine_EXAMPLE.COM
>
> I also asked AI to help me on the original issue. It thinks it is
> related to gssproxy and most probably it is right. It stated there is
> not nuch to do and I should accept the current state. But I feel a
> little bit unhappy, since it creates file with predictable name in
> the /tmp and it could be a security risk.
see man gssproxy.conf for details on howto configure the location of
cred_store / ccache.
Mark
>
> Thanks
>
> Marek
>
>
>
> Odoslané pomocou bezpečného emailu Proton Mail.
>
> piatok 24. apríla 2026, 16:02, Christian, Mark
> <mark.christian@intel.com> napísal/a:
>
> > On Fri, 2026-04-24 at 10:44 +0000, Marek Greško via Kerberos wrote:
> > > Hello,
> > >
> > > I have configured kerberos client on Fedora 43. I configured
> > > kerberos
> > > to use KCM: ccache. Users ccaches are in KCM, but I always see
> > > the
> > > file /tmp/krb5ccmachine_EXAMPLE.COM created. Why is this file
> > > created?
> >
> > Perhaps related to your kerberos NFS configuration? Inspect the
> > cache,
> > kinit -c /tmp/krb5ccmachine_EXAMPLE.COM, doing so might clue you
> > in.
> >
> > Mark
> >
> > > What mechanism does not use KCM and how could it be convinced to
> > > do
> > > so?
> > >
> > > Thanks
> > >
> > > Marek
> > > ________________________________________________
> > > Kerberos mailing list Kerberos@mit.edu
> > > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> > ________________________________________________
> > Kerberos mailing list Kerberos@mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
