Keytab-based initiator creds design

Greg Hudson ghudson at MIT.EDU
Thu Jun 7 15:59:58 EDT 2012


On 06/07/2012 02:56 PM, Simo Sorce wrote:
>>
>>   - /{var, run}/krb5/user/$USER/keytab
>>   - /{var, run}/krb5/user/$USER/ccache
>>   - /{var, run}/krb5/user/$USER/default_principal

How would this work on Windows?

> So I think I like this proposal, it aligns well with what we are already
> trying to do there.
>
> The /run location should be /run/user/$USER/krb5/ccache though as that
> is where the various pam modules put stuff

I'm confused.  If we're going to make an effort to align with where 
Fedora happens to puts the default per-user ccache, how is that better 
than just using the default ccache?  It seems to negate the "no 
surprise" benefit.

(On a complete tangent, how is Fedora going to deal with multiple login 
sessions by the same user?)


More information about the krbdev mailing list