KRB5CCNAME and sshd

Douglas E. Engert deengert at anl.gov
Fri Jan 27 11:13:58 EST 2006



Victor Sudakov wrote:

> Colleagues, 
> 
> I have "GSSAPIAuthentication yes" in sshd_config on the server machine
> and in ssh_config on the client machine.
> 
> Each time I ssh into the server machine, the value of KRB5CCNAME
> (probably set by sshd) is different. Is there a way to keep it 
> the same every time I login?

Not really. Most people want session bassed credential cashes,
so that multiple sessions on the same machine do not interfere with
each other. SSH will delete the session cache at the end of a session
if it created it.

But then again you might want be able to refressh credentials,
in your other sessions. This could be done manually by replacing
the UID based common cache and unsetting the KRB5CCNAME set by sshd.
But don't destory the shared cache. Watch out for console logins
that ususlly use the default cache name.


> 
> The value of "/tmp/krb5cc_NN" where NN is my uid would be fine.
> 
> I am running OpenSSH 3.8.1 on FreeBSD 5.x
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444



More information about the Kerberos mailing list