KRB5CCNAME and sshd

"Martin v. Löwis" martin at v.loewis.de
Sat Jan 28 06:17:40 EST 2006


Victor Sudakov wrote:
> However, a manual operation could be easily avoided if I could
> persuade sshd to store the forwarded credentials always in the same
> place.

Use the source, Luke. In auth-krb5.c:ssh_krb5_cc_gen, the credentials
cache is generated through

  snprintf(ccname, sizeof(ccname),
            "FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
  mkstemp(ccname + strlen("FILE:"));

No provision for non-temp ccnames is made.

So either change the code, or use a different SSH server, or accept
the way things are.

In your specific case, creating a symlink from a fixed ccname to the
session-created one might do the trick.

Regards,
Martin
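
The symlink workaround suggested in the reply above, sketched as an added example (not part of the original message and not OpenSSH code) for a login script. The function name link_fixed_ccache and the default fixed path ~/.krb5/cc are assumptions; the fixed name is kept in a private directory rather than /tmp, because a predictable name in a world-writable directory is exactly what the mkstemp() call avoids.

```shell
# Added example: point a fixed ccache path at the per-session cache sshd made.
# link_fixed_ccache and the ~/.krb5/cc default are hypothetical names.
link_fixed_ccache() {
    cc=${1:-$KRB5CCNAME}
    fixed=${2:-$HOME/.krb5/cc}

    # sshd's name has the form FILE:/tmp/krb5cc_<uid>_XXXXXXXXXX
    case $cc in
        FILE:/*) target=${cc#FILE:} ;;
        /*)      target=$cc ;;
        *)       echo "unsupported ccache name: $cc" >&2; return 1 ;;
    esac

    # Link only to a regular file we own that is not itself a symlink.
    if [ -L "$target" ] || [ ! -f "$target" ] || [ ! -O "$target" ]; then
        echo "refusing to link to $target" >&2
        return 1
    fi

    # The fixed name must not be (or resolve to) a directory, or mv would
    # move the new link into it instead of replacing the old link.
    if [ -d "$fixed" ]; then
        echo "$fixed is a directory" >&2
        return 1
    fi

    # Directory dedicated to the link, writable by the owner only.
    dir=$(dirname "$fixed")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1

    # Create the link under a temporary name and rename it into place, so a
    # reader never finds the fixed name missing while it is being updated.
    tmp="$dir/.cc.$$"
    rm -f "$tmp"
    ln -s "$target" "$tmp" && mv -f "$tmp" "$fixed" || { rm -f "$tmp"; return 1; }

    # Print the value other processes can use as their KRB5CCNAME.
    printf 'FILE:%s\n' "$fixed"
}
```

Called without arguments from the login shell, it uses the KRB5CCNAME that sshd set for the session. Once the session's cache file is removed, the fixed name is a dangling link until the next login replaces it.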


