KRB5CCNAME is not reread
Jeffrey Altman
jaltman2 at nyc.rr.com
Thu Feb 2 18:10:23 EST 2006
Russ Allbery wrote:
> "Brian C DeRocher" <brian.derocher at mitretek.org> writes:
>> They have the form /tmp/krb5cc_apache_xxxxxx. Each web request has a
>> different suffix. However mod_php stays in memory. It appears that
>> libkrb5 doesn't check if KRB5CCNAME has changed.
>
> mod_php would need to close and reopen the ticket cache, I believe, to
> pick up the change in the default ticket cache name.
KRB5CCNAME is an environment variable that is used by the krb5 library
to obtain the "default" credential cache name. This is used when the
application chooses to open the default credentials cache. The
application passes a handle to the credential cache to the library with
each call. If the credential cache needs to be changed, it is the
responsibility of the application to make that decision.
Jeffrey Altman
More information about the Kerberos
mailing list