KRB5CCNAME and sshd

Donn Cave donn at u.washington.edu
Fri Jan 27 14:02:43 EST 2006


In article <drdj08$1t50$1 at relay.tomsk.ru>,
 Victor Sudakov <vas at mpeks.no-spam-here.tomsk.su> wrote:

> I will tell you what I am trying to achieve, perhaps you can give me
> advice. 
> 
> I "kinit -f" on the client box at home and then ssh to the server box
> at work.  On the server box, I have screen(1) running, which I
> reattach after login and detach before logout. It runs for weeks and
> even months on end.
> 
> You know that all screen "sessions" or "windows" inherit the
> environment variables from the shell where screen was started
> initially. So, $KRB5CCNAME in the screen "sessions" points to stale
> credential caches, even though the fresh credentials have been
> correctly forwarded from the client machine and are available in some
> new place (but there is no way to inform the applications within
> screen about this new place).
> 
> I would like to achieve that if my credentials have been forwarded to
> the server box, they should be refreshed in all the screen windows.

That certainly must be a manual operation.  I don't use screen,
but I suppose you have a number of concurrent shell processes,
and they are not really aware of this connect/disconnect cycle,
so they have no way to know when it's time to update KRB5CCNAME.
You must therefore enter some command, in each window, to get
them to do that.

The command can be a simple one, if you use an alias or shell
procedure.  Your shell startup can save the value of KRB5CCNAME
somewhere so the old screen shell can find it.

   Donn Cave, donn at u.washington.edu
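
One way to implement the alias or shell procedure suggested in the reply above, as an added example that is not part of the original message. The state file path `~/.krb5ccname` and the function names `krb5cc_save` and `krb5cc_sync` are assumptions, and it assumes the forwarded credentials land in a FILE: cache.

```shell
# Added example: state file path and function names are assumptions.
KRB5CC_STATE="${KRB5CC_STATE:-$HOME/.krb5ccname}"

# Call from the login shell's startup file. Records the cache that sshd just
# set up for this login. Shells started inside screen have $STY set and are
# skipped, so a stale value never overwrites the fresh one.
krb5cc_save() {
    [ -n "${KRB5CCNAME:-}" ] || return 0
    [ -z "${STY:-}" ] || return 0
    (
        umask 077                      # state file readable by owner only
        tmp="$KRB5CC_STATE.$$"
        printf '%s\n' "$KRB5CCNAME" > "$tmp" && mv -f "$tmp" "$KRB5CC_STATE"
    )
}

# Run by hand in each old screen window after reattaching.
krb5cc_sync() {
    # Trust the state file only if it is a regular file we own, not a symlink.
    if [ ! -f "$KRB5CC_STATE" ] || [ -L "$KRB5CC_STATE" ] || [ ! -O "$KRB5CC_STATE" ]; then
        echo "krb5cc_sync: no usable $KRB5CC_STATE" >&2
        return 1
    fi
    IFS= read -r _cc < "$KRB5CC_STATE" || return 1
    case "$_cc" in
        FILE:/*) _path="${_cc#FILE:}" ;;
        /*)      _path="$_cc" ;;
        *) echo "krb5cc_sync: unsupported cache name: $_cc" >&2; return 1 ;;
    esac
    # Keep the old value if the recorded cache is gone or is not ours.
    if [ ! -f "$_path" ] || [ ! -O "$_path" ]; then
        echo "krb5cc_sync: cache $_path missing or not owned by you" >&2
        return 1
    fi
    KRB5CCNAME="$_cc"
    export KRB5CCNAME
}
```

Call `krb5cc_save` from the login startup file and type `krb5cc_sync` in a screen window after reattaching; `klist` then shows whether the window sees the forwarded tickets.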


