Keytab-based initiator creds design
Greg Hudson
ghudson at MIT.EDU
Thu Jun 7 15:59:58 EDT 2012
On 06/07/2012 02:56 PM, Simo Sorce wrote:
>>
>> - /{var, run}/krb5/user/$USER/keytab
>> - /{var, run}/krb5/user/$USER/ccache
>> - /{var, run}/krb5/user/$USER/default_principal
How would this work on Windows?
> So I think I like this proposal, it aligns well with what we are already
> trying to do there.
>
> The /run location should be /run/user/$USER/krb5/ccache though as that
> is where the various pam modules put stuff
I'm confused. If we're going to make an effort to align with where
Fedora happens to puts the default per-user ccache, how is that better
than just using the default ccache? It seems to negate the "no
surprise" benefit.
(On a complete tangent, how is Fedora going to deal with multiple login
sessions by the same user?)
More information about the krbdev
mailing list