multiple principals in one cache?
Russ Allbery
rra at stanford.edu
Wed Nov 10 18:37:31 EST 2010
Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
> - Play some games with credential caches. Have two simultaneous credential
> caches and switch between them via changing environment variables.
> - Use a Mac, which already has support for this. Although what IT does is
> a little bit funky: it keeps the tickets for the different principals
> around in another credential cache, so the tickets for user at REALM-1
> are segregated from the tickets for user at REALM-2 (see the -A option
> to klist and kswitch under MacOS X). But it works and is probably
> the most reasonable option that I know, given all of the issues that
> are involved with it.
> Most people I know pick the second option.
Note that these two options are essentially identical, with kswitch on
UNIX being implemented as "change your KRB5CCNAME environment variable."
The second option (the first one I quote above) is basically a buggy
version of the third option.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list