kinit error with systemd

Greg Hudson ghudson at MIT.EDU
Sun Oct 6 12:37:40 EDT 2013


On 10/06/2013 06:18 AM, steve wrote:
> Thanks. It works fine. Just a pity that something like this had to
> change. It worked fine when the cache was create in /tmp.

The upstream default is still /tmp/krb5cc_%{uid}.  In 1.11 we added the 
ability to change the default ccache name, either at build time or in 
/etc/krb5.conf.  I wasn't aware that OpenSUSE had started doing this in 
their build, but it's not entirely surprising given that they use 
systemd.  You should be able to change it back in krb5.conf if you prefer:

     [libdefaults]
         default_ccache_name = /tmp/krb5cc_%{uid}

We're aware of the unfortunate corner cases which result from using a 
systemd per-user temporary directory as the default.  For 1.12, Simo 
Sorce and I have done some work on the KEYRING ccache type which, in 
combination with some new kernel features, should make it a reasonable 
choice for a per-user default.  Obviously, that only helps on Linux, so 
we don't consider it a complete solution.  In the longer term, we hope 
to introduce a daemon-backed ccache type (like Kerberos for Window's 
CCAPI or Heimdal's KCM) which can work on all Unix-like platforms.



More information about the Kerberos mailing list