Actually, if I have KRB5CCNAME set to a file in /tmp, and kinit as someone
else, e.g. admin, that will reinitialize the file in /tmp, losing my original
credentials.
With KEYRING (I’m using Centos 7), because it’s a collection, there’s some hope
of maintaining multiple caches properly. If KRB5C
> "CH" == Charles Hedrick writes:
CH> The KEYRING mechanism is nice, in many ways. But it has some
CH> unexpected effects.
It's always good to mention the actual OS you are using. I know most
modern Linux distros provide the KEYRING CCACHE type which uses the
kernel's keyring facility.
CH>
On Tue, 2017-03-14 at 18:59 +, Charles Hedrick wrote:
> The KEYRING mechanism is nice, in many ways. But it has some
> unexpected effects.
>
> There’s a “primary” key for the usual keyring. But this is a global
> object. That is, which cache is primary is the same for all sessions,
> and for N
