documentation on how to set $KRB5CCNAME for kerberized/gssapi applications

Natxo Asenjo natxo.asenjo at gmail.com
Thu Oct 9 17:10:17 EDT 2014


hi,

When implementing rsyslog with gssapi
(http://www.rsyslog.com/doc/gssapi.html) I came across the issue
that the rsyslog software expects the credentials cache of the host
principal in /tmp/krb5cc_0; the centos 6.5 hosts joined to a freeipa
kerberos domain save that to /var/tmp/host_0 .

I tried setting this:

KRB5CCNAME='/var/tmp/host_0'

or variations on that (double inverted commas, no commas) in
/etc/sysconfig/rsyslog which is the place where one expects to declare
such a variable in redhat/centos systems because that file is sourced
by the init script of rsyslog. But unfortunately rsyslog kept
requesting the /tmp/krb5cc_0 file. Copying /var/tmp/host_0 over
/tmp/krb5cc_0 solves this problem and then one can relay syslog
messages using kerberos authentication, but it is not really elegant.

So I asked on the rsyslog list and its main developer asked me what
function should be called to implement the KRB5CCNAME variable for
that application. Could you give me any pointers so that he can
implement that for rsyslog?

Thanks in advance.
--
regards,
natxo
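
A check that applies to the setup described in the message above, added here as an example and not part of the original post or of rsyslog: it tests whether a KRB5CCNAME assigned in a file that a script sources actually reaches the environment of a child process. The function names and the two temporary files are hypothetical stand-ins for the init script and /etc/sysconfig/rsyslog.

```shell
#!/bin/sh
# Added example: does a KRB5CCNAME set in a sourced config file reach the daemon?

# Source FILE the way an init script sources /etc/sysconfig/<service>, start a
# child process, and print the KRB5CCNAME that child inherits (empty if none).
child_sees_ccname() {
    (
        unset KRB5CCNAME            # start from a clean state
        . "$1"                      # same mechanism as the init script
        sh -c 'printf "%s" "${KRB5CCNAME-}"'   # child sees exported variables only
    )
}

# Print the KRB5CCNAME in the environment a running process was started with
# (Linux /proc; needs permission to read that process's environ file).
running_ccname() {
    [ -r "/proc/$1/environ" ] || return 1
    tr '\0' '\n' < "/proc/$1/environ" | sed -n 's/^KRB5CCNAME=//p'
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stand-ins for the sysconfig file, not real system files.
    printf "KRB5CCNAME='/var/tmp/host_0'\n" > "$dir/plain"
    printf "KRB5CCNAME='/var/tmp/host_0'\nexport KRB5CCNAME\n" > "$dir/exported"
    echo "plain assignment: child sees [$(child_sees_ccname "$dir/plain")]"
    echo "with export:      child sees [$(child_sees_ccname "$dir/exported")]"
    rm -rf "$dir"
}

demo
```

On a live host, passing the daemon's process ID to `running_ccname` shows which cache name, if any, the process was started with.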

