Cross Realm Administration?
Douglas E. Engert
deengert at anl.gov
Fri Jan 14 10:27:53 EST 2011
On 1/12/2011 9:03 AM, Jeff draht wrote:
> Here is the manpage for kinit.
> I understand the /tmp for the ticket cache of the user
> that is logged in.
> However, I do not understand you indicating that
> the /etc/krb5/krb5.keytab is not the keytab file?
Some misunderstanding. /etc/krb5/krb5.keytab is the
system's keytab file, and should be readable only by root.
If you have other services not running as root, and
they need a keytab file, the keytab file should be
owned by the UID running the service. Or if the user has
a keytab file it should be readable only by the user.
> The output of this file is displayed by a "klist -k"
> "klist" seems to show the ticket cache for the user
> running the command.
It can show ticket caches or keytab files.
> /tmp/krb5cc_uid Default credentials cache (uid is
> the decimal UID of the user).
> /etc/krb5/krb5.keytab Default location for the local
> host's keytab file.
> /etc/krb5/krb5.conf Default location for the local
> host's configuration file. See
> Kerberos mailing list Kerberos at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
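
An added example, not part of the original message: one way to check the ownership and mode rule described above for a keytab file. The function name `audit_keytab`, the sample file names, and the throwaway files in `demo()` are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_keytab(path, expected_uid=0):
    """Return a list of findings for one keytab file; an empty list means OK."""
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    if not stat.S_ISREG(st.st_mode):
        return [f"{path}: not a regular file"]
    # The keytab must be owned by the UID that uses it (root for the system keytab).
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    # No group or other permission bits at all: the keys are long-term secrets.
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path}: mode {mode:04o} grants group/other access")
    return findings

def demo():
    # Constructed sample: temporary files standing in for keytabs.
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "service.keytab")  # hypothetical service keytab
        bad = os.path.join(d, "shared.keytab")    # hypothetical, too permissive
        for p, mode in ((good, 0o600), (bad, 0o644)):
            with open(p, "wb") as f:
                f.write(b"\x05\x02")  # keytab file format version bytes
            os.chmod(p, mode)
        return (
            audit_keytab(good, uid),      # correct owner, mode 0600
            audit_keytab(bad, uid),       # correct owner, world-readable
            audit_keytab(good, uid + 1),  # expected a different service UID
        )

if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```

For the system keytab, call `audit_keytab("/etc/krb5/krb5.keytab")` as root; for a service keytab, pass the UID the service runs as.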