[33109] in Kerberos
Re: Cross Realm Administration?
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Fri Jan 14 10:27:58 2011
Message-ID: <4D306B79.5030002@anl.gov>
Date: Fri, 14 Jan 2011 09:27:53 -0600
From: "Douglas E. Engert" <deengert@anl.gov>
To: kerberos@mit.edu
In-Reply-To: <a2c37450-c53a-4891-9796-8fce79373cec@k11g2000vbf.googlegroups.com>
Cc: jdraht@gmail.com
On 1/12/2011 9:03 AM, Jeff draht wrote:
> Here is the manpage for kinit.
>
> I understand the /tmp for the ticket cache of the user
> that is logged in.
>
> However, I do not understand you indicating that
> the /etc/krb5/krb5.keytab is not the keytab file?
Some misunderstanding. /etc/krb5/krb5.keytab is the
system's keytab file, and should be readable only by root.
If you have other services not running as root, and
they need a keytab file, the keytab file should be
owned by the UID running the service. Or if the user has
a keytab file it should be readable only by the user.
>
> The output of this file is displayed by a "klist -k"
>
> "klist" seems to show the ticket cache for the user
> running the command.
It can show ticket caches or keytab files.
>
> /tmp/krb5cc_uid Default credentials cache (uid is
> the decimal UID of the user).
>
> /etc/krb5/krb5.keytab Default location for the local
> host's keytab file.
>
> /etc/krb5/krb5.conf Default location for the local
> host's configuration file. See
> krb5.conf(4).
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
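
One way to check the ownership rule described in the message above (system keytab readable only by root, a service keytab owned by the UID running the service), as an added example that is not part of the original post. The function name `audit_keytab` is hypothetical, the parent-directory check goes beyond what the message states, and the demo uses a constructed empty file rather than a real keytab.

```python
import os
import stat
import tempfile

def audit_keytab(path, expected_uid):
    """Return findings for one keytab file; an empty list means it passes."""
    try:
        st = os.lstat(path)  # lstat so a symlink is reported, not followed
    except FileNotFoundError:
        return ["missing: " + path]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file: " + path]
    findings = []
    # The keytab must belong to the UID that runs the service (0 for the system keytab).
    if st.st_uid != expected_uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    # Any group/other bit exposes the long-term keys to other accounts.
    extra = stat.S_IMODE(st.st_mode) & 0o077
    if extra:
        findings.append("group/other permission bits set: %03o" % extra)
    # Added check (assumption, not from the message): a directory that others
    # can write to, without the sticky bit, lets them replace the file.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & 0o022 and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent directory is group/other writable")
    return findings

def demo():
    """Constructed sample: an empty stand-in file, not a real keytab."""
    with tempfile.TemporaryDirectory() as d:
        kt = os.path.join(d, "service.keytab")
        with open(kt, "wb"):
            pass
        me = os.getuid()
        os.chmod(kt, 0o600)
        good = audit_keytab(kt, me)             # owner-only: passes
        os.chmod(kt, 0o644)
        loose = audit_keytab(kt, me)            # world-readable: flagged
        wrong_owner = audit_keytab(kt, me + 1)  # owner mismatch: flagged
        return good, loose, wrong_owner

if __name__ == "__main__":
    # Expected owner 0 (root) for the system keytab path named in the message.
    for finding in audit_keytab("/etc/krb5/krb5.keytab", 0):
        print(finding)
```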