On credential cache separation between service ticket and TGT

[Russ Allbery]

Arpit Srivastava <arpit.orb at gmail.com> writes:

> I have a centralized service for doing kinit and storing krb5cc at an
> informed path.

If you're doing this from a keytab, note that kinit can obtain credentials
for a particular service principal directly.  You don't have to get a TGT;
you can tell it to do an AS-REQ for the specific credentials you want
instead.  That way, the TGT never exists in the ticket cache.

-- 
Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>