Menu
According to the MIT Kerberos documentation, the default credential cache name is determined as follows:
Default ccache name
The default credential cache name is determined by the following, in descending order of priority:
1. The KRB5CCNAME environment variable. For example, KRB5CCNAME=DIR:/mydir/. 2. The default_ccache_name profile variable in [libdefaults]. 3. The hardcoded default, DEFCCNAME.
http://web.mit.edu/kerberos/krb5-devel/doc/basic/ccache_def.html
I'm wondering if there's a way to define default_ccache_name profile variable (#2) on the client side? I've tried defining it as follows in /etc/krb5.conf on one of my client machines:
[libdefaults]
...
default_ccache_name = FILE:/var/krb5/security/creds/krb5cc_%{uid}
...
But the client binaries (klist / kinit / kdestroy etc.) seem to ignore this completely:
[~]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_34125)
I'm running version 1.9.4:
[~]$ klist -V
Kerberos 5 version 1.9.4
829
The credential cache file holds Kerberos protocol credentials (for example, tickets, session keys, and other identifying information) in semipermanent storage. The Kerberos protocol reads credentials from the cache as they are required and stores new credentials in the cache as they are obtained.
Another option is to use Kerberos keytab file. Kerberos ticket cache can be transparently consumed by many tools, whereas Kerberos keytab requests additional setup to plug in to tools. Kerberos ticket cache file default location and name are C:\Users\windowsuser\krb5cc_windowsuser and mostly tools recognizes it.
cache. type. This configuration parameter specifies the type of Kerberos credential cache that the agent (adclient) creates when an Active Directory user logs in. The parameter value can be set to FILE or KCM.
Drat, I think I found my own answer -- version 1.9.4 doesn't have this parameter:
http://web.mit.edu/kerberos/www/krb5-1.9/krb5-1.9.4/doc/krb5-admin.html
It would help to look in the right documentation...
169
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
