How to set the Kerberos default_ccache_name attribute on a client without using KRB5CCNAME?

According to the MIT Kerberos documentation, the default credential cache name is determined as follows:

Default ccache name

The default credential cache name is determined by the following, in descending order of priority:

1. The KRB5CCNAME environment variable. For example, KRB5CCNAME=DIR:/mydir/.
2. The default_ccache_name profile variable in [libdefaults].
3. The hardcoded default, DEFCCNAME.

http://web.mit.edu/kerberos/krb5-devel/doc/basic/ccache_def.html

I'm wondering if there's a way to define the default_ccache_name profile variable (#2) on the client side? I've tried defining it as follows in /etc/krb5.conf on one of my client machines:

[libdefaults]
        ...
        default_ccache_name = FILE:/var/krb5/security/creds/krb5cc_%{uid}
        ...

But the client binaries (klist / kinit / kdestroy etc.) seem to ignore this completely:

[~]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_34125)

I'm running version 1.9.4:

[~]$ klist -V
Kerberos 5 version 1.9.4
Squirrel asked Apr 20 '15 13:04



1 Answer

Drat, I think I found my own answer -- version 1.9.4 doesn't have this parameter:

http://web.mit.edu/kerberos/www/krb5-1.9/krb5-1.9.4/doc/krb5-admin.html

It would help to look in the right documentation...

Squirrel answered Sep 30 '22 20:09
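The precedence list quoted in the question and the outcome described in the answer, as an added Python example (not code from the original post or from MIT krb5): it resolves the default cache name the way the docs describe, parses a minimal [libdefaults] section, expands %{uid}, and compares the result with the cache name klist reported. The DEFCCNAME value, the EXAMPLE.COM realm and the profile_supported flag (which models a library build that does not know the profile variable) are assumptions.

```python
import re

# Assumption: the hardcoded default (DEFCCNAME) on a Linux build, which is the
# form the klist output in the question shows.
DEFCCNAME = "FILE:/tmp/krb5cc_%{uid}"

# Constructed krb5.conf fragment mirroring the question's [libdefaults] entry.
KRB5_CONF = """[libdefaults]
    default_realm = EXAMPLE.COM
    default_ccache_name = FILE:/var/krb5/security/creds/krb5cc_%{uid}
[realms]
"""
# The klist line quoted in the question, used as sample output.
KLIST_OUTPUT = "klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_34125)"
SAMPLE_UID = 34125

def parse_libdefaults(conf_text):
    """Minimal profile parser: key = value lines inside [libdefaults] only."""
    values, in_section = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            in_section = line.lower() == "[libdefaults]"
            continue
        if in_section and "=" in line:
            key, _, val = line.partition("=")
            values[key.strip()] = val.strip()
    return values

def expand(name, uid):
    """Expand the %{uid} parameter in a cache name."""
    return name.replace("%{uid}", str(uid))

def default_ccache_name(env, conf_text, uid, profile_supported=True):
    """Documented precedence: KRB5CCNAME, then the profile variable, then DEFCCNAME.
    profile_supported=False models a build that ignores default_ccache_name."""
    if env.get("KRB5CCNAME"):
        return env["KRB5CCNAME"]
    if profile_supported:
        val = parse_libdefaults(conf_text).get("default_ccache_name")
        if val:
            return expand(val, uid)
    return expand(DEFCCNAME, uid)

def klist_reported_cache(klist_output):
    """Pull the 'ticket cache TYPE:residual' value out of klist's message."""
    m = re.search(r"ticket cache ([A-Z]+:[^)\s]+)", klist_output)
    return m.group(1) if m else None

def profile_setting_honored(env, conf_text, uid, klist_output):
    """True only if klist used the cache name the profile should have produced."""
    return klist_reported_cache(klist_output) == default_ccache_name(env, conf_text, uid)
```

Running `profile_setting_honored({}, KRB5_CONF, SAMPLE_UID, KLIST_OUTPUT)` against the question's data returns False, which is the mismatch the asker observed on 1.9.4.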