merged linux keyring code
Ken Raeburn
raeburn at MIT.EDU
Tue Oct 3 15:35:45 EDT 2006
On Oct 3, 2006, at 09:39, Jeffrey Altman wrote:
>>> I see some stuff in the code referring to sessions, but from my
>>> experimentation, the default seems to be for the stored data to be
>>> per-user, available from all the user's login sessions. Is that
>>> correct?
>>
>> Yes. The session keyring is roughly equivalent to an afs pag. At
>> least the inheritance model is based on the pag inheritance. So
>> credentials put in the session keyring should be available from all
>> processes sharing that session keyring.
>
> Ken:
>
> Are you indicating that if you SSH to the system twice that Kerberos
> credentials obtained in the first session are accessible in the second
> session?
It was a console login session and an ssh session, and I think (this
was sometimes last week) I either unset KRB5CCNAME, or set it to
KEYRING:krb5cc which was the default ccache name in Kevin's original
patch. I saw the same credentials in both sessions.
Ken
More information about the krbdev
mailing list