[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM and Kerberos



> So? If you're forwarding a TGT why would you then run kinit?

I was going to say "kinit -R", but that doesn't seem to have made me
a new ccache file.

gungnir 325% ls -li $KRB5CCNAME
   20 -rw-------   1 crawdad  dcg         1801 Aug 15 09:43 /tmp/krb5cc_console
gungnir 326% kinit -R
gungnir 327% ls -li $KRB5CCNAME
   20 -rw-------   1 crawdad  dcg          905 Aug 15 13:39 /tmp/krb5cc_console


Anyway, i think it'll be great to have telnet able to forward a later
credential.  That's one more thing I can cross off my "round tuit"
list.  I've been copying newer ccache's across with rsh, which is
cumbersome, but at least I seldom need it.

A really whizzo function would be the ability not to forward your
TGT, but to trap accesses to your remote ccache and get your local
host to do the TGS_REQ when needed and send back the needed cred.
Some sort of IPC: ccache type could do this without violence to the
applications.
				Matt Crawford





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []