[6595] in Kerberos


Re: CNS: keeping tickets for multiple realms?

daemon@ATHENA.MIT.EDU (Jonathan Kamens)
Sun Feb 4 15:02:54 1996

To: kerberos@MIT.EDU
Date: 4 Feb 1996 19:03:27 GMT
From: jik@annex-1-slip-jik.cam.ov.com (Jonathan Kamens)

Two solutions:

1) Arrange for realm1 and realm2 to share keys, pick one of the realms to be
your primary realm, and use your principal in that realm in ACLs in both
realms.  That way, you will always only need tickets in a single realm.

2) Keep multiple ticket files, with aliases to easily switch between them. 
For example, here are my tcsh aliases (with some brief comments explaining
what they do).  The macro-like thing you see is an M4 macro, because I'm
quoting the source file from which my aliases are produced -- I use my
dotfiles on multiple machines, some of which have both V4 and V5 installed,
and some of which have just V5.

# nifty kerberos ticket aliases

# Switch back to my "home" ticket file.  MYTKTS is set in my .login file if
# KRB5CCNAME is set by login (i.e., if my "home" tickets aren't in the default
# ticket file).

alias tktme     'unsetenv KRB5CCNAME; if ($MYTKTS != "") setenv KRB5CCNAME $MYTKTS; unsetenv KRBTKFILE'

# Switch to a new ticket file.  E.g., "tktsw jik@ATHENA.MIT.EDU" to switch to
# a ticket file for the principal "jik@ATHENA.MIT.EDU".

alias tktsw     'setenv KRB5CCNAME FILE:/tmp/krb5cc`echo \!*|sed 's,/,.,g'`; \\
                 klist -s || kinit \!*; \\
has_kerberos_v4(
                setenv KRBTKFILE /tmp/tkt_`echo \!*|sed 's,/,.,g'`; \\
                 klist.v4 -t || k524init \\
)
'

# Switch to a ticket file for the principal "username/instance", e.g., "tktswi
# root" to switch to my "jik/root" tickets for logging into our servers as
# root.

alias tktswi    'setenv KRB5CCNAME FILE:/tmp/krb5cc$user.`echo \!*|sed 's,/,.,g'`; \\
                 klist -s || kinit $user/\!*; \\
has_kerberos_v4(
                setenv KRBTKFILE /tmp/tkt_$user.`echo \!*|sed 's,/,.,g'`; \\
                 klist.v4 -t || k524init\\
)
'

# Show what tickets I'm currently using.

alias tkts      'klist | head -2'

# Switch to/from my root tickets.

alias rooton    'tktswi root'
alias rootoff   'tktme'

# Switch to a new V4 ticket file, but leave the V5 ticket file the same.  For
# my principals in other realms that don't yet support V5.

has_kerberos_v4(
alias 4tktsw    'setenv KRBTKFILE /tmp/tkt_\!*; \\
		 klist.v4 -t || kinit.v4 \!*'
alias 4tkts	'klist.v4 | head -2'
)
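
Added example, not part of the original post: a POSIX sh version of the V5 half of the tktsw and tktme aliases above. It goes beyond them by keeping the caches in an owner-only directory instead of /tmp and by sanitizing the principal before it becomes a file name; TKT_DIR and cc_name are names made up for this example.

```sh
# Added example (not from the original post). TKT_DIR, cc_name and the
# function bodies are this example's own; MYTKTS is the post's variable.
TKT_DIR="${TKT_DIR:-$HOME/.krb5cc}"   # assumption: per-user cache directory

# Map a principal to a ccache name. "/" becomes "." as in the aliases above;
# every other byte outside [A-Za-z0-9@._-] becomes "_", so the argument can
# never contribute a path separator or whitespace to the file name.
cc_name() {
    _p=$(printf '%s' "$1" | tr '/' '.' | tr -c 'A-Za-z0-9@._-' '_')
    [ -n "$_p" ] || return 1
    printf 'FILE:%s/krb5cc_%s\n' "$TKT_DIR" "$_p"
}

# Switch to the cache for a principal, getting tickets only if needed.
tktsw() {
    _cc=$(cc_name "$1") || { echo "usage: tktsw principal" >&2; return 1; }
    # Owner-only directory, so other local users cannot pre-create entries.
    mkdir -p "$TKT_DIR" && chmod 700 "$TKT_DIR" || return 1
    KRB5CCNAME=$_cc; export KRB5CCNAME
    # klist -s prints nothing and fails if the cache is missing or expired.
    klist -s || kinit "$1"
}

# Return to the "home" cache, as the tktme alias does for V5.
tktme() {
    if [ -n "${MYTKTS:-}" ]; then
        KRB5CCNAME=$MYTKTS; export KRB5CCNAME
    else
        unset KRB5CCNAME
    fi
}
```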
