Multiple principals from different realms via kinit?
Cedric Blancher
cedric.blancher at gmail.com
Thu Aug 28 10:17:41 EDT 2014
On 28 August 2014 15:31, Simo Sorce <simo at redhat.com> wrote:
> On Thu, 2014-08-28 at 14:36 +0200, Cedric Blancher wrote:
>> On 27 August 2014 18:16, Benjamin Kaduk <kaduk at mit.edu> wrote:
>> > On Wed, 27 Aug 2014, ольга крыжановская wrote:
>> >
>> >> How can I use multiple principals from different realms via kinit?
>> >>
>> >> I tried:
>> >> kinit fleyta at WARONTERROR.COM
>> >> ...
>> >> klist shows tgt for fleyta at WARONTERROR.COM
>> >
>> > klist -A shows tickets in all caches in the collection, not just the
>> > current cache (as klist without -A does). You'll generally want to be
>> > using a collection-enabled cache type such as DIR: or a post-1.12 KEYRING:
>> > in order to get the best behavior when using multiple client principals.
>> >
>> > As mentioned already, kswitch is also useful in these situations.
>>
>> How do services like NFSv4, HTTP/spnego or GSSAPI know which of the
>> entries is the one they want?
>
> They'll make a guess based on the realm, or pick the primary.
How do they 'guess'?
Is it possible to get rid of the notion of a primary one day?
Ced
--
Cedric Blancher <cedric.blancher at gmail.com>
Institute Pasteur
More information about the Kerberos
mailing list