multiple principals in one cache?
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed Nov 10 18:48:14 EST 2010
>* The krb5 GSS mech insists that the cache's default principal matches
>the client name, not just that the cache contains an appropriate ticket.
It's not just the GSS mech that does this, though ... every raw Kerberos
program I've ever seen does the exact same thing. Unless you allow your
program to specify the client principal, I'm not sure what else you could do.
>You can produce a ccache with multiple client principals using ksu.
Didn't know about that; good to know! Although ... huh, I'm looking
at the man page for ksu (probably the ONE Kerberos program I've never
run), and my question is: how, exactly, do you do that?
--Ken
More information about the Kerberos
mailing list