Expected behavior when KRB5CCNAME=DIR::/path/to/a/file?

Nalin Dahyabhai nalin at redhat.com
Tue Nov 20 17:10:19 EST 2012

Hello, when I set up a directory ccache named, for example,
DIR:/tmp/krb5cc by setting $KRB5CCNAME to that value and running kinit,
both 'klist' and 'klist -A' will subsequently list the TGT.

When doing so, they both indicate that the ticket cache name is
DIR::/tmp/krb5cc/tkt.  If I then set $KRB5CCNAME to this value, 'klist'
can still list its contents, but 'klist -A' fails, while attempting to
begin to iterate over the ccache collection.  GSSAPI clients hit a
similar code path, and are unable to find initiator credentials.

Can anyone verify whether or not this is the intended behavior?  My
reading of the 'Client principal selection' project page didn't turn up
a definite answer.



More information about the krbdev mailing list