On Wed, 24 Dec 2014, steve wrote:
> On 24/12/14 09:45, Peng Hu PH Pei wrote:
> >
> > Put in krb5.conf and run kinit, the TGT is still in /tmp/:
> >
> > [libdefaults]
> > default_ccache_name = FILE:/var/tmp/krb5cc_%{euid}
> Hi
> I think that should be:
> default_ccache_name = /var/tmp/krb5cc_%{uid}
The type prefix is used, if set; the default is currently to FILE:, but
might conceivably change in the future if someone decides that gratuitous
breakage is a good idea.
> But I don't think we do it in userspace these days. There is a keyring
> cache in the kernel. I think that's what you need.
It's far from clear that the KEYRING: cache type is desired here, and even
if it is, the userspace settings still need to be present just as they
would be for, e.g., a FILE: cache type.
A residual KRB5CCNAME in the environment of the OP's shell might explain
the symptoms; the KRB5_TRACE output from kinit would be useful to see
what's going on.
-Ben Kaduk
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
