Keytab-based initiator creds design
Russ Allbery
rra at stanford.edu
Thu Jun 7 18:15:03 EDT 2012
Russ Allbery <rra at stanford.edu> writes:
> Simo Sorce <simo at redhat.com> writes:
>> Well I am pushing for getting you a ccache at login time, my idea is
>> that the user shouldn't even know nor care that they have a ccache and
>> not have to learn to use kinit. Of course admins need to, but I would
>> expect them to know what they are doing :)
> This works up until the point when your ticket cache expires.
> Refreshing an expired ticket cache is the primary reason why our users
> run kinit.
Hm, and it's worth noting that for *that* use case, a shared cache rather
than a per-session cache is actually much nicer.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev mailing list