Multiple cache files

Wed Apr 19 16:09:02 EDT 2017


I have the following situation.
I have my Kerberos client(Linux) running on a device, which has access to
the KDC and Active Directory(AD) Server.
My Kerberos client process is run by the root.

I have another application(which can run from anywhere but has access to my
device) which uses the Kerberos client above to authenticate the user and
access the AD server.
When the user logon to the device, the credentials cache is generated with
the username(krb5cc_%{username}), which is nothing but the root

When a second user logon on before the first user logout, the first 'cc' is
replaced with the principal of the second user (Correct me).

I need a way to have 'cc' created for each user and enable access to the AD
server indepently from different instances of the application.

To achieve that, I have modified the krb5 default cc to use the principal
name. However, I am not sure if I am doing it right because, when the user
tries to login further, it always tries to look for the default cc.

Could anyone throw some light on using multiple cc or cc/user from the same
client simultaneously?


More information about the krbdev mailing list