multiple principals in one cache?

Greg Hudson ghudson at MIT.EDU
Mon Nov 15 13:42:56 EST 2010


On Wed, 2010-11-10 at 18:48 -0500, Ken Hornstein wrote:
> >You can produce a ccache with multiple client principals using ksu.
> 
> Didn't know about that; good to know!  Although ... huh, I'm looking
> at the man page for ksu (probably the ONE Kerberos program I've never
> run), and my question is: how, exactly, do you do that?

I don't think it can be used as a general tool for this purpose, but it
does produce such a ccache as a side effect of its regular function.

For example, if I'm logged in with tickets as ghudson at ATHENA.MIT.EDU and
I ksu to root by entering the password for ghudson/root at ATHENA.MIT.EDU,
I wind up with a new ccache containing all of my old tickets (for client
principal ghudson) plus a TGT and host service ticket for client
principal ghudson/root.





More information about the Kerberos mailing list