Cross Realm Administration?

Douglas E. Engert deengert at
Fri Jan 14 10:27:53 EST 2011

On 1/12/2011 9:03 AM, Jeff draht wrote:
> Here is the manpage for kinit.
> I understand the /tmp for the ticket cache of the user
> that is logged in.
> However, I do not understand you indicating that
> the /etc/krb5/krb5.keytab    is not the keytab file?

Some misunderstanding. /etc/krb5/krb5.keytab is the
system's keytab file, and should be readable only by root.

If you have other services not running as root, and
they need a keytab file, the keytab file should be
owned by the UID running the service. Or if the user has
a keytab file it should be readable only by the user.

> The output of this file is displayed by a "klist -k"
> "klist"  seems to show the ticket cache for the user
> running the command.

It can show ticket caches or keytab files.

>   /tmp/krb5cc_uid          Default credentials cache  (uid  is
>                                the decimal UID of the user).
>   /etc/krb5/krb5.keytab    Default  location  for  the   local
>                                host's keytab file.
>    /etc/krb5/krb5.conf      Default  location  for  the   local
>                                host's   configuration   file.  See
>                                krb5.conf(4).


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
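
The ownership and permission rule described in the message above can be checked mechanically. The following is an added example, not part of the original post or of any Kerberos distribution; the function name `check_keytab` and the command-line form are assumptions made for illustration.

```python
import os
import stat
import sys


def check_keytab(path, expected_uid):
    """Return a list of problems found with the keytab at `path`.

    An empty list means the file is a regular file owned by `expected_uid`
    with no permission bits granted to group or other.
    """
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink to another file
    except OSError as exc:
        return [f"cannot stat: {exc.strerror}"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    problems = []
    if st.st_uid != expected_uid:
        problems.append(f"owned by uid {st.st_uid}, expected {expected_uid}")
    extra = stat.S_IMODE(st.st_mode) & 0o077  # any group/other access
    if extra:
        problems.append(f"group/other permission bits set: {extra:03o}")
    return problems


if __name__ == "__main__":
    # Usage: check_keytab.py [PATH [UID]]
    # Defaults: the system keytab path named in the post, owned by root (0).
    # For a service keytab, pass the UID the service runs as.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/krb5/krb5.keytab"
    uid = int(sys.argv[2]) if len(sys.argv) > 2 else 0
    found = check_keytab(path, uid)
    for problem in found:
        print(f"{path}: {problem}")
    sys.exit(1 if found else 0)
```
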
