Keytab-based initiator creds design

Simo Sorce simo at redhat.com
Thu Jun 7 16:11:05 EDT 2012


On Thu, 2012-06-07 at 15:59 -0400, Greg Hudson wrote:
> On 06/07/2012 02:56 PM, Simo Sorce wrote:
> >>
> >>   - /{var, run}/krb5/user/$USER/keytab
> >>   - /{var, run}/krb5/user/$USER/ccache
> >>   - /{var, run}/krb5/user/$USER/default_principal
> 
> How would this work on Windows?
> 
> > So I think I like this proposal, it aligns well with what we are already
> > trying to do there.
> >
> > The /run location should be /run/user/$USER/krb5/ccache though as that
> > is where the various pam modules put stuff
> 
> I'm confused.  If we're going to make an effort to align with where 
> Fedora happens to put the default per-user ccache, how is that better
> than just using the default ccache?  It seems to negate the "no 
> surprise" benefit.
> 
> (On a complete tangent, how is Fedora going to deal with multiple login 
> sessions by the same user?)

They are going to share the same ccache for now.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



More information about the krbdev mailing list