Default client keytab name

Nico Williams nico at
Mon Jul 23 11:36:01 EDT 2012

On Mon, Jul 23, 2012 at 10:28 AM, Sam Hartman <hartmans at> wrote:
>     Greg> That's a little contrary to other discussions we've had on
>     Greg> this issue, given that username can have several different
>     Greg> meanings ($USER, $LOGNAME, getpwuid(getuid()),
>     Greg> getpwuid(geteuid()), wtmp lookup), and systemd decided to
>     Greg> switch to uid-based per-user directories.
> Yes.  I was one of the people bringing that up for ccache in the sssd
> case.
> My rationale is that keytabs are manipulated today mostly by human
> administrators.

But if a daemon like gssd is trying to use said keytab then we're back
to the same problem as with ccaches.  Even w/o a daemon.

BTW, the whole point of this parametrized scheme -for me- is to not
have to rely on environment variables, which means that the only
reasonable interpretation of username here has got to be


More information about the krbdev mailing list