Why sometimes we got credential /tmp/krb5cc_<uid>_xxxx?

Stephen Frost sfrost at snowman.net
Fri Sep 5 11:57:53 EDT 2003


* Douglas E. Engert (deengert at anl.gov) wrote:
> This would be a "session" cache, and would be created by sshd for example.
> The xxxxx is meant to make the name unique. You would want a different 
> cache for each session, so the sessions would not interfere with each other.  
> The sshd would also set the KRB5CCNAME env to point to the cache. 
[...]
> It's a feature not a problem. 

Actually, it's a rather annoying problem, but not an insurmountable one.
I've set up my shell scripts to do what I consider the 'right' thing.
Basically they move the forwarded tickets provided by sshd into place,
overwriting anything there and then keep a session counter and kdestroy
when the last session has exited.  This means I can use forwarded
tickets with screen and things actually work even when I detach, logoff,
logon and reattach to screen.

If anyone's curious in the shell script bits (they're not complex) I'd
be happy to make them available.

	Stephen
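
The approach described in this message (move the forwarded cache to a fixed location, count sessions, kdestroy when the last one exits), as an added example that is not Stephen's script. The function names, the counter and lock files, and the private ~/.krb5cc directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical names): one shared cache for all of a user's sessions.
CC_DIR="${CC_DIR:-$HOME/.krb5cc}"   # assumption: private directory instead of /tmp

cc_paths()  { SHARED="$CC_DIR/shared"; COUNT="$CC_DIR/sessions"; LOCK="$CC_DIR/lock"; }
cc_lock()   { until mkdir "$LOCK" 2>/dev/null; do sleep 1; done; }  # mkdir is atomic
cc_unlock() { rmdir "$LOCK"; }

# Login hook: move the cache sshd forwarded into place and count this session.
session_open() {
    cc_paths
    old_umask=$(umask); umask 077
    mkdir -p "$CC_DIR" && chmod 700 "$CC_DIR" || { umask "$old_umask"; return 1; }
    cc_lock
    src="${KRB5CCNAME:-}"; src="${src#FILE:}"
    # Only adopt a regular file we own; never follow a symlink planted in /tmp.
    if [ -f "$src" ] && [ ! -L "$src" ] && [ -O "$src" ] && [ "$src" != "$SHARED" ]; then
        # Copy, then rename, so a running process never reads a partial cache.
        cp "$src" "$SHARED.new" && mv -f "$SHARED.new" "$SHARED" && rm -f "$src"
    fi
    n=$(cat "$COUNT" 2>/dev/null || echo 0)
    echo $((n + 1)) > "$COUNT"
    cc_unlock
    umask "$old_umask"
    KRB5CCNAME="FILE:$SHARED"; export KRB5CCNAME
}

# Logout hook: destroy the tickets only when the last session has exited.
session_close() {
    cc_paths
    [ -d "$CC_DIR" ] || return 0
    cc_lock
    n=$(cat "$COUNT" 2>/dev/null || echo 1)
    n=$((n - 1))
    if [ "$n" -le 0 ]; then
        kdestroy -c "FILE:$SHARED" >/dev/null 2>&1 || true
        rm -f "$SHARED" "$COUNT"
    else
        echo "$n" > "$COUNT"
    fi
    cc_unlock
}
```

The counter drifts if a session dies without running its logout hook, in which case the tickets stay on disk until they expire.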