Multiple principals from different realms via kinit?

Simo Sorce simo at redhat.com
Thu Aug 28 09:31:07 EDT 2014


On Thu, 2014-08-28 at 14:36 +0200, Cedric Blancher wrote:
> On 27 August 2014 18:16, Benjamin Kaduk <kaduk at mit.edu> wrote:
> > On Wed, 27 Aug 2014, ольга крыжановская wrote:
> >
> >> How can I use multiple principals from different realms via kinit?
> >>
> >> I tried:
> >> kinit fleyta at WARONTERROR.COM
> >> ...
> >> klist shows tgt for fleyta at WARONTERROR.COM
> >
> > klist -A shows tickets in all caches in the collection, not just the
> > current cache (as klist without -A does).  You'll generally want to be
> > using a collection-enabled cache type such as DIR: or a post-1.12 KEYRING:
> > in order to get the best behavior when using multiple client principals.
> >
> > As mentioned already, kswitch is also useful in these situations.
> 
> How do services like NFSv4, HTTP/spnego or GSSAPI know which of the
> entries is the one they want?

They'll make a guess based on the realm, or pick the primary.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



More information about the Kerberos mailing list