Please Review Changes to Windows Exports List for krb5 1.2.5 in KfW 2.2
Ken Raeburn
raeburn at MIT.EDU
Tue Apr 16 14:53:01 EDT 2002
Nicolas Williams <Nicolas.Williams at ubsw.com> writes:
> There is also a limitation in the MIT krb5 API in that each ccache (and
> I know very little about CCAPI, this may not apply to it) can only
> contain creds for one client principal, so even having multiple initial
> TGTs and complete trust information in krb5.conf, unless there is an API
> that takes multiple ccaches as input there is no way to do what you want
> with a single API call.
Not quite true. A ccache has one default principal, but it can
contain credentials for multiple client principals, as ksu can
demonstrate:
# klist
Ticket cache: FILE:/tmp/krb5cc_0.2
Default principal: raeburn/root at ATHENA.MIT.EDU
Valid starting Expires Service principal
04/16/02 12:17:49 04/16/02 22:17:48 krbtgt/ATHENA.MIT.EDU at ATHENA.MIT.EDU
for client raeburn at ATHENA.MIT.EDU
04/16/02 12:17:51 04/16/02 22:17:48 krbtgt/ATHENA.MIT.EDU at ATHENA.MIT.EDU
for client raeburn at ATHENA.MIT.EDU
04/16/02 12:17:51 04/16/02 22:17:48 afs/dev.mit.edu at ATHENA.MIT.EDU
for client raeburn at ATHENA.MIT.EDU
04/16/02 12:17:51 04/16/02 22:17:48 afs/athena.mit.edu at ATHENA.MIT.EDU
for client raeburn at ATHENA.MIT.EDU
04/16/02 12:17:51 04/16/02 22:17:48 afs/sipb.mit.edu at ATHENA.MIT.EDU
for client raeburn at ATHENA.MIT.EDU
04/16/02 12:17:51 04/16/02 22:17:48 krbtgt/RAEBURN.ORG at ATHENA.MIT.EDU
for client raeburn at ATHENA.MIT.EDU
04/16/02 12:17:51 04/16/02 22:17:48 afs/raeburn.org at RAEBURN.ORG
for client raeburn at ATHENA.MIT.EDU
04/16/02 12:17:51 04/16/02 22:17:48 afs/net.mit.edu at ATHENA.MIT.EDU
for client raeburn at ATHENA.MIT.EDU
04/16/02 14:48:58 04/17/02 02:48:52 krbtgt/ATHENA.MIT.EDU at ATHENA.MIT.EDU
04/16/02 14:48:58 04/17/02 02:48:52 krbtgt/RAEBURN.ORG at ATHENA.MIT.EDU
04/16/02 14:48:58 04/17/02 00:48:58 host/kal-el.raeburn.org at RAEBURN.ORG
...
More information about the krbdev
mailing list