credential cache file name

Ken Raeburn raeburn at MIT.EDU
Wed Mar 27 21:36:01 EST 2002


nijsure at cs.unt.edu (Sandeep) writes:
> Hi all,
> 
> I have two questions regarding the credential cache.
> 
> 1. I had read somewhere that it is possible to configure whether the Krb5 
> credentials are to be stored in a file, or just in memory. How to configure that?
> Does each user has this option about his/her credentials?

The MIT code can use memory for a temporary credentials cache, but
it's not shared between processes.  I think there's some ancient code
in the krb4 support for using shared memory segments, but no one has
tried to apply it to the krb5 ccache code to my knowledge.  It would
be nice....  (See tf_shm.c, but watch out for all the uid-swapping
junk.)

> 2. My credential cache file name is not /tmp/krb5cc_(uid), but something like
> /tmp/krb5cc_a7s8mr. Why is that happening?

Depends how you're getting logged in; something, somewhere is probably
setting the KRB5CCNAME environment variable.  The application server
code MIT ships uses /tmp/krb5cc_p<pid> or /tmp/krb5cc_<tty> for
managed login sessions.  If you're using a PAM module or something
else that sets up your environment for krb5, it may be setting this
variable to these (maybe?) random identifiers.

Ken



More information about the Kerberos mailing list