Multiple principals from different realms via kinit?
Greg Hudson
ghudson at mit.edu
Thu Aug 28 11:52:52 EDT 2014
On 08/28/2014 06:05 AM, ольга крыжановская wrote:
> How do I enable collections?
Set KRB5CCNAME to use a collection-enabled cache type, typically DIR.
For example:
mkdir /tmp/mydir
KRB5CCNAME=DIR:/tmp/mydir
export KRB5CCNAME
kinit princ1
klist # shows princ1 tickets in DIR::/tmp/mydir/tktXXXXX
kinit princ2
klist # shows princ2 tickets in DIR::/tmp/mydir/tktYYYYY
klist -l # shows a list with both ccaches
klist -A # shows tickets in both ccaches
kswitch -p princ1
klist # shows princ1 tickets
If klist shows a FILE ccache, then collection behavior are not enabled,
and only the most recently-acquired tickets can be used.
More information about the Kerberos
mailing list