On Jul 22, 2019, at 1:00 PM, Greg Hudson <ghud...@mit.edu> wrote:
> By my reading, KEYRING also doesn't generally include the uid in the name.

Again, I can only speak for what I see in Red Hat and Ubuntu. The default for KRB5CCNAME is KEYRING:persistent:UID. Something (I think a combination of the library and the kernel) prevents users from accessing anything that doesn’t start with KEYRING:persistent:UID with their own UID. Root can access them all. KEYRING:persistent:UID is a collection. All actual caches are KEYRING:persistent:UID:stuff, so there’s no ambiguity. There are other formats for KEYRING for per-process, etc., but as far as I know they’re not used and would be pretty hard to use except for inside a specific application.
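The naming described in the message above, as an added example that is not part of the original post and not MIT krb5 code: a small audit helper that tells the KEYRING:persistent:UID collection apart from the caches inside it and compares the UID field exactly. The function names and the sample cache names are constructed for illustration, and the helper only inspects names; it is not how the library or kernel enforces access.

```python
from typing import NamedTuple, Optional

PREFIX = "KEYRING:persistent:"


class CCName(NamedTuple):
    kind: str                  # "collection", "cache" or "other"
    uid: Optional[int]         # UID field for persistent names, else None
    subsidiary: Optional[str]  # the "stuff" part for a cache, else None


def parse_ccname(name: str) -> CCName:
    """Classify a KRB5CCNAME value using the naming from the message."""
    if not name.startswith(PREFIX):
        # FILE:, DIR:, or one of the other KEYRING formats (per-process, etc.)
        return CCName("other", None, None)
    uid_text, sep, subsidiary = name[len(PREFIX):].partition(":")
    if not (uid_text.isascii() and uid_text.isdigit()):
        return CCName("other", None, None)
    if not sep:
        # KEYRING:persistent:UID names the collection itself
        return CCName("collection", int(uid_text), None)
    if not subsidiary:
        # Trailing colon with nothing after it: treat as malformed
        return CCName("other", None, None)
    # KEYRING:persistent:UID:stuff names one cache in the collection
    return CCName("cache", int(uid_text), subsidiary)


def belongs_to(name: str, uid: int) -> bool:
    """True only when the name is in the persistent collection of `uid`.

    The UID field is compared as a number, so UID 100 does not match
    KEYRING:persistent:1000, which a plain string-prefix test would accept.
    """
    parsed = parse_ccname(name)
    return parsed.kind != "other" and parsed.uid == uid


if __name__ == "__main__":
    # Constructed sample names, not taken from a real system.
    for sample in ("KEYRING:persistent:1000",
                   "KEYRING:persistent:1000:krb_ccache_example",
                   "KEYRING:session:example",
                   "FILE:/tmp/krb5cc_1000"):
        print(sample, parse_ccname(sample), belongs_to(sample, 100))
```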