GSSAPI keytab location per application

Daniel Kahn Gillmor dkg-mit.edu at fifthhorseman.net
Thu Feb 15 11:46:05 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 2007-02-15 17:32, dpeger at cosa.de said:

> The location of the keytab is either determined by the KRB5_KTNAME
> environment variable (Windows) or the default_keytab_name in the
> krb5.conf (Unix).

$KRB5_KTNAME works under Unix as well.

> Is there any way to specify a keytab different than the default one
> on a per application basis?

Why not just have your application set $KRB5_KTNAME before accessing
the keytab?  If that works, then it's just a matter of adding a
configuration option to your program to tell it what file to use.

Even simpler, you could just set (and export) the environment variable
in whatever startup script you use for the service, leaving the
service itself unmodified.

Here's an example that works for me:

 https://docs.astro.columbia.edu/browser/trunk/config/servers/mars/etc/default/slapd

hth,

	--dkg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iD8DBQFF1I5LiXTlFKVLY2URAg4NAJ0XObTlYqIuyAf/uf/xIvtexuLotQCffKA4
tqSaB6NjLOkrX8uvzgn1UIo=
=CtCX
-----END PGP SIGNATURE-----
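
The startup-script approach suggested in the reply above, as an added example that is not part of the original message: a wrapper that refuses to start the service if the keytab is missing or readable by group/other, then exports KRB5_KTNAME for that one process and execs it. The function names, the keytab path and the daemon path are hypothetical.

```shell
#!/bin/sh
# Added example: per-service keytab selection through KRB5_KTNAME.
# Function names and all paths below are hypothetical.

# keytab_ok FILE
# Succeeds only if FILE is a regular file (not a symlink), readable by the
# current user, with no group/other permission bits set. A keytab holds the
# service's long-term keys, so anything looser than 0600/0400 is rejected.
keytab_ok() {
    kt=$1
    [ -f "$kt" ] && [ ! -L "$kt" ] && [ -r "$kt" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$kt" | cut -c5-10)
    [ "$perms" = "------" ]
}

# run_with_keytab FILE CMD [ARGS...]
# Exports KRB5_KTNAME for this process only and replaces the shell with the
# service, so other services on the host keep using the default keytab.
run_with_keytab() {
    kt=$1
    shift
    if ! keytab_ok "$kt"; then
        echo "refusing to start: keytab $kt missing or too permissive" >&2
        return 1
    fi
    KRB5_KTNAME="FILE:$kt"
    export KRB5_KTNAME
    exec "$@"
}

# In a service startup script (hypothetical paths):
#   run_with_keytab /etc/myservice/myservice.keytab /usr/sbin/myserviced
```

Because the variable is set in the wrapper's own environment and inherited across `exec`, the service binary needs no changes and the system-wide default keytab stays untouched.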
