Credential Cache for multiple client principal names

Rick van Rein rick at
Wed Jun 29 10:15:11 EDT 2016


I'm trying to create [1] a mechanism to be used from multiple client
principal names, each with their own service tickets.  Secure separation
between the identities is not an issue.

It is not clear to me how to do this.  I suspect I should use
DIR:/var/mytool and perhaps KEYRING: on Linux, but it is not clear if
I'm supposed to read and write tickets (including krbtgt) for various
client principal names in the same cache, or that I should instead
iterate it as a credential cache collection, and prod each credentials
cache for the (default) client principal name and add a new one to the
collection if I need it.

Can you help me, or perhaps show me some examples that do this?


[1] I'm working on a "TLS Pool" daemon [2] that takes TLS logic away
from applications and that will incorporate a mode for Kerberos [3].



More information about the krbdev mailing list