KRB5CCNAME and sshd
Douglas E. Engert
deengert at anl.gov
Fri Jan 27 11:13:58 EST 2006
Victor Sudakov wrote:
> Colleagues,
>
> I have "GSSAPIAuthentication yes" in sshd_config on the server machine
> and in ssh_config on the client machine.
>
> Each time I ssh into the server machine, the value of KRB5CCNAME
> (probably set by sshd) is different. Is there a way to keep it
> the same every time I login?
Not really. Most people want session bassed credential cashes,
so that multiple sessions on the same machine do not interfere with
each other. SSH will delete the session cache at the end of a session
if it created it.
But then again you might want be able to refressh credentials,
in your other sessions. This could be done manually by replacing
the UID based common cache and unsetting the KRB5CCNAME set by sshd.
But don't destory the shared cache. Watch out for console logins
that ususlly use the default cache name.
>
> The value of "/tmp/krb5cc_NN" where NN is my uid would be fine.
>
> I am running OpenSSH 3.8.1 on FreeBSD 5.x
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list