merged linux keyring code

Ken Raeburn raeburn at MIT.EDU
Tue Oct 3 15:35:45 EDT 2006

On Oct 3, 2006, at 09:39, Jeffrey Altman wrote:
>>> I see some stuff in the code referring to sessions, but from my
>>> experimentation, the default seems to be for the stored data to be
>>> per-user, available from all the user's login sessions.  Is that
>>> correct?
>> Yes.  The session keyring is roughly equivalent to an afs pag.  At
>> least the inheritance model is based on the pag inheritance.  So
>> credentials put in the session keyring should be available from all
>> processes sharing that session keyring.
> Ken:
> Are you indicating that if you SSH to the system twice that Kerberos
> credentials obtained in the first session are accessible in the second
> session?

It was a console login session and an ssh session, and I think (this  
was sometimes last week) I either unset KRB5CCNAME, or set it to  
KEYRING:krb5cc which was the default ccache name in Kevin's original  
patch.  I saw the same credentials in both sessions.


More information about the krbdev mailing list