[5581] in Kerberos
Using multiple TGTs
daemon@ATHENA.MIT.EDU (Kenneth D. Renard )
Tue Aug 1 21:36:05 1995
To: kerberos@MIT.EDU
Date: Tue, 1 Aug 1995 13:22:18 GMT
From: kdrenard@arl.mil (Kenneth D. Renard )
[Kerberos V5 Beta 5]
I am looking for thoughts and ideas about using multiple ticket caches
to access multiple Kerberos realms where cross-realm trust is not a
possibility. Currently, users select a ticket cache by setting their
KRB5CCNAME environment variable. I see 2 possible improvements
to this:
1. Allow multiple TGTs (for different realms) in the same ticket cache.
When a user runs "kinit" to authenticate with a second realm, the TGT
is put in the same cache as their current TGT and can be used accordingly.
(What do you do about the principal named in the cache??)
2. Allow the KRB5CCNAME variable to have multiple caches named. KRB5CCNAME
would be an array of ticket cache identifiers that could be searched by
krb5_cc_resolve() given the default realm in krb5_context, or by
a separate realm identifier.
Comments, suggestions???
-Ken Renard
--
-------------------------------------------------------------------------------
Ken Renard
U.S. Army Research Lab
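
The current practice the post describes, one ticket cache per realm selected through KRB5CCNAME, as an added example that is not part of the original post or of the Kerberos distribution. The names cc_for_realm, with_realm and CC_BASE and the cache directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep one credential cache per realm and point KRB5CCNAME
# at the right one for a single command, leaving the caller's cache alone.

# Hypothetical layout: one private directory per user, one cache file per realm.
CC_BASE="${CC_BASE:-${TMPDIR:-/tmp}/krb5cc_$(id -u)}"

# Print the cache name for a realm. Realm names become file names, so reject
# anything that could escape CC_BASE (slashes, leading dots, odd characters).
cc_for_realm() {
    realm=$1
    case $realm in
        ''|.*|*[!A-Za-z0-9.-]*)
            echo "invalid realm name: $realm" >&2
            return 1 ;;
    esac
    printf 'FILE:%s/%s\n' "$CC_BASE" "$realm"
}

# Run a command with KRB5CCNAME set to the realm's cache.
# The variable is set only for the child process via env(1).
with_realm() {
    realm=$1
    shift
    cc=$(cc_for_realm "$realm") || return 1
    # Create the cache directory readable by the owner only.
    ( umask 077 && mkdir -p "$CC_BASE" ) || return 1
    # Refuse a directory that another user created ahead of us or a symlink.
    if [ ! -O "$CC_BASE" ] || [ -L "$CC_BASE" ]; then
        echo "refusing to use $CC_BASE: not a directory we own" >&2
        return 1
    fi
    env KRB5CCNAME="$cc" "$@"
}

# Typical use (realm and principal names below are constructed):
#   with_realm REALM-A.EXAMPLE kinit user@REALM-A.EXAMPLE
#   with_realm REALM-B.EXAMPLE kinit user@REALM-B.EXAMPLE
#   with_realm REALM-A.EXAMPLE klist
```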