Environment variable for client flags?

John Devitofranceschi jdvf at optonline.net
Sat Jul 7 14:29:56 EDT 2018


Has an environment variable for client flags ever been considered?

The specific use case I’m thinking about is a situation where a user may want to override a system-wide configuration without the overhead of managing their own KRB5_CONFIG file.

Example: krb5.conf specifies that forwardable tickets are to be requested but a principal is defined which disallows the use of forwardable credentials.  If the user could define an environment variable that overrides this and other settings (KRB5_CLIENT_FLAGS=“forwardable=false; ticket_lifetime=10m" for example) they could more easily use a keytab with KRB5_CLIENT_KTNAME, and MEMORY-based credentials.

Any of the settable flags that one can define kinit command line could be set in the variable.

jd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2393 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20180707/19e17528/attachment.bin


More information about the Kerberos mailing list