ccache using linux Keyrings

Wachdorf, Daniel R drwachd at
Wed Apr 12 13:27:07 EDT 2006

It might be desirable that an application (or the kernel) which did not
have access to the ENV search the keyrings in order of presence (thread
-> session) (ie GSSD).  If I went through the trouble of creating a
thread specific keyring - I want that one used. 

This would be different from the "default" credentials cache used
Kerberos credentials cache libs - which I agree should be session.

-----Original Message-----
From: krbdev-bounces at [mailto:krbdev-bounces at] On Behalf
Of Sam Hartman
Sent: Wednesday, April 12, 2006 11:18 AM
To: Kevin Coffman
Cc: Andy Adamson; Machin, Glenn D; krbdev at
Subject: Re: ccache using linux Keyrings

>>>>> "Kevin" == Kevin Coffman <kwc at> writes:

    Kevin> You can find the code Dan is talking about at:

    Kevin> I think that having three alias ccache types such as
    Kevin> KRTHREAD:, KRPROCESS:, and KRSESSION is another possible
    Kevin> way of expressing which keyring to associate the
    Kevin> credentials.

Or keyring:thread:, etc.  I think that keyring: should default to the
session keyring.

I do believe it is a requirement that fyou be able to fully specify
the ccache with the argument to krb5_cc_resolv so you do need to be
able to specify which ccache within a keyring.


krbdev mailing list             krbdev at

More information about the krbdev mailing list