Default client keytab name

Sam Hartman hartmans at MIT.EDU
Mon Jul 23 11:28:03 EDT 2012


>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:

    Greg> On 07/23/2012 09:33 AM, Sam Hartman wrote:
    >> 1) I'd prefer username based to uid-based for the default. That's
    >> easier to deal with most of the time

    Greg> That's a little contrary to other discussions we've had on
    Greg> this issue, given that username can have several different
    Greg> meanings ($USER, $LOGNAME, getpwuid(getuid()),
    Greg> getpwuid(geteuid()), wtmp lookup), and systemd decided to
    Greg> switch to uid-based per-user directories.


Yes.  I was one of the people bringing that up for ccache in the sssd
case.

My rationale is that keytabs are manipulated today mostly by human
administrators.
Telling someone to install cyrus.keytab and chown it to cyrus is going
to work better than telling someone to look up the uid for cyrus and
install the keytab.

For Debian and Ubuntu (and possibly Fedora) this is particularly true
because the name of service users created to run services is constant,
but uids are assigned on a per-system basis.

In contrast, ccaches are often created by the system. People who
manually manipulate ccaches are generally in a position to set
environment variables.

Setting environment variables for service processes is remarkably
tricky.


I realize you have to pick a name to use.  It seems like it should
probably be getpwnam(getuid()|geteuid()). I guess geteuid() is right for
this to be more consistent with the rest of the library.

--Sam
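As an added example, not code from this thread or from MIT krb5: the four "username" meanings Greg lists, each turned into a candidate keytab path, with a constructed uid-to-name table so the same service account can carry different uids on two hosts. The path templates are assumptions for illustration, not the library's default location.

```python
import os
import pwd
from typing import Callable, Dict, Mapping, Optional

# Constructed path templates for illustration; they are NOT the library's
# compiled-in default client keytab location.
NAME_TEMPLATE = "/var/lib/krb5/user/{name}/client.keytab"
UID_TEMPLATE = "/var/lib/krb5/user/{uid}/client.keytab"


def username_meanings(env: Mapping[str, str], uid: int, euid: int,
                      name_of_uid: Callable[[int], Optional[str]]) -> Dict[str, Optional[str]]:
    """Each interpretation of 'the user's name' raised in the thread:
    $USER, $LOGNAME, getpwuid(getuid()), getpwuid(geteuid())."""
    return {
        "USER": env.get("USER"),
        "LOGNAME": env.get("LOGNAME"),
        "getpwuid(getuid())": name_of_uid(uid),
        "getpwuid(geteuid())": name_of_uid(euid),
    }


def keytab_candidates(env, uid, euid, name_of_uid):
    """Name-based keytab path per interpretation, plus the euid-based path.
    'ambiguous' is True when the interpretations disagree, i.e. a name-based
    default would depend on which definition of 'username' the library picks."""
    meanings = username_meanings(env, uid, euid, name_of_uid)
    names = {n for n in meanings.values() if n}
    return {
        "name_based": {k: NAME_TEMPLATE.format(name=v) for k, v in meanings.items() if v},
        "ambiguous": len(names) > 1,
        "uid_based": UID_TEMPLATE.format(uid=euid),
    }


def passwd_lookup(table: Mapping[int, str]) -> Callable[[int], Optional[str]]:
    """Stand-in for getpwuid() backed by a constructed uid -> name table."""
    return lambda u: table.get(u)


def live_candidates():
    """Same computation against the real process: os.environ and pwd.getpwuid()."""
    def real_lookup(u):
        try:
            return pwd.getpwuid(u).pw_name
        except KeyError:
            return None
    return keytab_candidates(os.environ, os.getuid(), os.geteuid(), real_lookup)
```

Running `live_candidates()` under a privilege-dropping daemon started by root shows the $USER-derived path and the geteuid()-derived path pointing at different keytabs.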

