Keytab-based initiator creds design
Simo Sorce
simo at redhat.com
Thu Jun 7 16:25:06 EDT 2012
On Thu, 2012-06-07 at 13:18 -0700, Russ Allbery wrote:
> Simo Sorce <simo at redhat.com> writes:
> > On Thu, 2012-06-07 at 15:59 -0400, Greg Hudson wrote:
>
> >> (On a complete tangent, how is Fedora going to deal with multiple login
> >> sessions by the same user?)
>
> > They are going to share the same ccache for now.
>
> Just FYI, our users would consider it a showstopper bug if a shared cache
> is used and is destroyed when only one (but not all) of their sessions
> ended. I don't know if you have some way of dealing with that in your
> pam_krb5.
When sssd is used the default ccache is not destroyed until all user
processes are gone.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list