Getting root's cred in the ccache from keytab
Tomas Kuthan
tomas.kuthan at oracle.com
Tue Mar 25 10:54:03 EDT 2014
Hi,
on Solaris, if root needs a TGT (for instance for sec nfs) and doesn't
have it in cache, an attempt is made in krb5_gss_init_sec_context() to
get one using system keytab. First keys for
'root/hostname.some.domain at REALM' are sought, followed by
'host/hostname.some.domain at REALM' and 'HOSTNAME$@REALM'.
I was told, that similar logic might be implemented in MIT Kerberos, but
I was not able to find support for it in the code, nor in documentation.
I also did a quick test and it doesn't seem to work for me, at least not
under the same conditions as with Solaris...
Does MIT Kerberos support root getting TGT from keytab?
If yes, could you please point me to place in code?
Thanks,
Tomas
More information about the krbdev
mailing list