Separate in-/out- ccaches.
Peter Mogensen
apm at one.com
Sat Feb 22 15:55:02 EST 2014
On 2014-02-22 21:43, Greg Hudson wrote:
> On 02/22/2014 02:57 PM, Peter Mogensen wrote:
>> This works fine with a MEMORY ccache to hold til tickets.
>> But since you can only provide 1 ccache to the libkrb5 API that also
>> means the service1 has to do an AS-REQ for a TGT to put in that MEMORY
>> ccached for every request.
> [...]
>> Is there a way to do what I'm looking for?
>
> Can you make a master ccache with the TGT and then copy it (with
> krb5_cc_copy_creds) to another ccache for each client?
Hmm.. yes... I actually thought of injecting the TGT into the MEMORY
ccache from a persistent source, but I didn't think of copying an entire
ccache.
I would guess the approach you suggest would benefit from some double
checking that there not being other credentials in the master ccache
than the TGT.
But yes... I guess that would kinda work.
Thanks,
/Peter
More information about the Kerberos
mailing list