Keytab-based initiator creds design
    Nico Williams 
    nico at cryptonector.com
       
    Sat Jun  2 22:37:53 EDT 2012
    
    
  
On Sat, Jun 2, 2012 at 8:33 PM, Greg Hudson <ghudson at mit.edu> wrote:
> To avoid needing to set up environment variables, I think we wind up
> having to key off the uid or $USER or $HOME.  For example, we could have
> a krb5.conf variable which determines the keytab and ccache names and
> has substitutions for the username.  Or we could look for a named keytab
> in a specific place under $HOME (and then if we find it, do something to
> figure out the ccache and principal name).  Or we could have a small
> config file under $HOME.  Of course these ideas only work if each
> service runs as a separate uid--which is usually a good idea, but isn't
> universal in practice.
Oh, FYI, Heimdal supports a config file in the user's $HOME.
Nico
--
    
    