OS X 10.2: how to create a new ccache from command line?
Alexandra Ellwood
lxs at MIT.EDU
Tue Sep 30 14:52:29 EDT 2003
>I've found how to switch among multiple ccaches (kswitch) but I
>can't find a way to create a second ccache. Is there an existing
>command-line way to do it?
Kerberos.app (in /System/Library/CoreServices) and the Mac OS X kinit
will automatically create a new ccache for each principal you get
tickets for. This is intended to make it easier for users trying to
manage multiple Kerberos principals. In order to not totally confuse
users of Unix-style kinits, if the Mac OS X kinit creates a new
ccache, it sets that new ccache to the system default.
If you want to be able to create multiple ccaches containing the same
principal or have kinit always replace the contents of the current
default ccache, you will need to build your own kinit. For krb5-only
realms you can just download the 1.3.1 sources, build kinit.c and
link it against the Kerberos framework.
>Moreover, can I get command-line apps such as ssh to use one cache
>in one Terminal window and another in another?
New krb5_contexts will pick up the current "system default" ccache
(the underlined one in Kerberos.app) and cache it for the lifetime of
the context.
krb5 and gss programs ported from Unix will also honor the KRB5CCNAME
environment variable. So you should be able to set the variable to a
cache name (eg: "API:0" or "API:Initial default ccache") to select a
different cache than the system default one for a terminal window.
Note that in Jaguar the Mac OS X command line tools (ie: klist, etc)
don't honor KRB5CCNAME. You will need to specify the cache as an
argument to these tools if you want to see the ccache you selected.
Hope this helps,
--lxs
--
-----------------------------------------------------------------------------
Alexandra Ellwood <lxs at mit.edu>
MIT Information Systems http://mit.edu/lxs/www/
-----------------------------------------------------------------------------
--
More information about the krbdev
mailing list