KEYRING:persistent and ssh
Tina Harriott
tina.harriott.math at gmail.com
Tue Sep 27 09:20:11 EDT 2016
On 16 September 2016 at 16:02, t Seeger <tseegerkrb at gmail.com> wrote:
> Hello,
>
> i have a little problem with the 'KRB5CCNAME' environment variable. I set
> the default_ccache_name to KEYRING:persistent:%{uid} but if i login it is
> set to "file:/tmp/krb5cc_${uid}_XXXXXXXXXX" cause ssh sets the KRB5CCNAME
> to file:/tmp/krb5cc_${uid}_XXXXXXXXXX...
> I found a workaround with adding "unset KRB5CCNAME" to /etc/bash.bashrc but
> this is not very nice.
> Did anyone had a similar problem and found a solution?
>
> Many thanks in advance and best regards
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
FYI KEYRING: will be removed in future versions of Linux kernel
because of the ongoing design defects.
Also, KEYRING is not secure, under certain scenarios (DOCKER&et al)
unrelated users/uids can obtain the secure data.
Tina
--
Tina Harriott - Women in Mathematics
Contact: tina.harriott.math at gmail.com
More information about the Kerberos
mailing list