ccache using linux keyring

Sam Hartman hartmans at MIT.EDU
Wed Apr 13 17:43:36 EDT 2005

>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz at> writes:

    Jeffrey> On Wednesday, April 13, 2005 12:40:50 PM -0400 Kevin
    Jeffrey> Coffman
    Jeffrey> <kwc at> wrote:

    >> The current implementation uses a new keyring created in the
    >> session-specific keyring (KEY_SPEC_SESSION_KEYRING) to
    >> represent a user's credentials cache file.  The principal
    >> information and each ticket are stored in this keyring as an
    >> individual key.  The name of the keyring matches the 'residual'
    >> name as passed to the resolve function and found in KRB5CCNAME.
    >> The principal information is kept in a key named 'krb5_princ'
    >> and each ticket is kept in a sequentially numbered key
    >> 'krb5tkt_000000', etc.  (These individual key names are just
    >> for reference, their key_serial is what is really kept track
    >> of.)

    Jeffrey> Why not name them for the service principal?

I'm concerned that there may be circumstances where you want to have
duplicate or semi-duplicate tickets.  I'm concerned that other ccache
types do not work this way and it seems dangerous to have different


More information about the krbdev mailing list