KRB5CCNAME and sshd
"Martin v. Löwis"
martin at v.loewis.de
Sat Jan 28 06:17:40 EST 2006
Victor Sudakov wrote:
> However, a manual operation could be easily avoided if I could
> persuade sshd to store the forwarded credentials always in the same
> place.
Use the source, Luke. In auth-krb5.c:ssh_krb5_cc_gen, the credentials
cache is generated through
snprintf(ccname, sizeof(ccname),
"FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
mkstemp(ccname + strlen("FILE:"));
No provision for non-temp ccnames is made.
So either change the code, or use a different SSH server, or accept
the way things are.
In your specific case, creating a symlink from a fixed ccname to the
session-created one might do the trick.
Regards,
Martin
More information about the Kerberos
mailing list