Problem with /tmp/krb5cc_%uid cache file name

Rainer Krienke krienke at uni-koblenz.de
Fri Dec 18 05:42:23 EST 2015


Am 17.12.2015 um 18:18 schrieb Simo Sorce:
>> 	
>> 	default_ccache_name = /tmp/krb5cc_{%service}
>>
>> however there is no %service parameter expansion available.
>>
>> Any idea how to solve this name-conflict?
> 
> Start cron with a differnt krb5.conf file (using the KRB5_CONFIG
> environment variable) and use a completely separate directory for the
> ccache files used by cron jobs, so they won't interfere with NFS ?
> 
> Simo.

Thanks for this idea. I tried this way and in between its running. If my
NFS hang-Problem has gone is something I know in a about week.

However it was not as simple as I though to just set KRB5_CONFIG to a
special krbcron.conf file with a different default_ccache_name setting.
This did not work. When cron started it did simply not use the new
ccache file alltought I started cron wit KRB5_CONFIG environment variable.

It turned out the rpc.gssd was to blame. It has a compiled in default
list of ccache directories it searches for credential files, and the
directory I had chosen in my krb5cron.conf was not in them. After I
changed the rpc.gssd call to include this directory (rpc.gssd -d
dir1:dir2:....) it works now.

Thanks a lot
Rainer

-- 
Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
56070 Koblenz, Tel: +49261287 1312 Fax +49261287 100 1312
Web: http://userpages.uni-koblenz.de/~krienke
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5085 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20151218/787ab4fa/attachment.bin


More information about the Kerberos mailing list