Bug#551078: libpq5: Possibility to specify the Kerberos keytab file

Wed, 11 Jan 2012 03:42:22 -0800 

В Срд, 11/01/2012 в 18:13 +0700, Ivan Shmakov пишет:
> >>>>> Denis Feklushkin <denis.feklush...@gmail.com> writes:
> >>>>> В Срд, 11/01/2012 в 17:06 +0700, Ivan Shmakov пишет:
> >>>>> Denis Feklushkin <denis.feklush...@gmail.com> writes:
> 
> […]
> 
>  > This problem is not in libpq, I think we can close this issue.
> 
>       A quick scan over the kinit(1) manual page reveals that there's
>       no problem, actually.  Thus, I suggest that this report is to be
>       closed.  (I doubt whether it should be wontfix or resolved.)
> 

I am agree

>       Consider, e. g.:
> 
> $ cat < example.sh 
> #!/bin/bash
> set -e
> set -- $(mktemp -t) $(mktemp -t)
> 
> ## try one identity 
> export KRB5CCNAME=$1
> kinit foo
> klist
> 
> ## try another one
> export KRB5CCNAME=$2
> kinit bar
> klist
> 
> ## back to the first one
> export KRB5CCNAME=$1
> klist
> 
> ## finished
> for i ; do KRB5CCNAME=$i kdestroy ; done
> $ bash example.sh 
> f...@example.org's Password:
> Credentials cache: FILE:/tmp/tmp.DhnjLEVNQU
>         Principal: f...@example.org
> 
>   Issued           Expires          Principal
> Jan 11 18:04:15  Jan 12 04:04:15  krbtgt/example....@example.org
> b...@example.org's Password:
> Credentials cache: FILE:/tmp/tmp.KbCJVivfBt
>         Principal: b...@example.org
> 
>   Issued           Expires          Principal
> Jan 11 18:04:17  Jan 12 04:04:16  krbtgt/example....@example.org
> Credentials cache: FILE:/tmp/tmp.DhnjLEVNQU
>         Principal: f...@example.org
> 
>   Issued           Expires          Principal
> Jan 11 18:04:15  Jan 12 04:04:15  krbtgt/example....@example.org
> $ 
> 

But this is not normal simultaneous operation. Also I think that the
ticket automatically will not be prolongated, for example.

Ideally would like to be able to get this:

$ klist -l
  Name                      Cache name             Expires         
f...@example.org           /tmp/foo_krb5cc_1000   Jan 12 05:36:02   *
b...@example.org           /tmp/bar_krb5cc_1000   Jan 12 05:36:27   *

And the system could automatically choose the right credentials...

> […]
> 
>  >>> Confirmed, Heimdal's kinit with -t option works fine.
> 
>  >> … Is libpq then able to use these credentials?
> 
>  > Yes.
> 
>       ACK, thanks.
> 






-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to