<<< text/plain; charset=ISO-8859-1; format=flowed: Unrecognized >>>
--- Begin Message ---Donn Cave schrieb:Quoth [EMAIL PROTECTED] (Klaas Hagemann):Ok, but when i do this, i cannot use the krb5 credentials for any other application, e.g. to achieve single sign on.
...
| after doing kinit the kerberos client creates a krb5 ticket cache file | like /tmp/krb5cc_506.
|
| Another user having root privileges on this client can optain these | ticket cache file and have the network wide rights of the owner of this | ticket.
|
| Is there any chance that the ticket is stored in memory rather than on | the local disk? can i configure it in any way?
Yes! Try this:
$ KRB5CCNAME=MEMORY:0 kinit
Password for [EMAIL PROTECTED]:
You are right, of course, gone with the wind...
Now look for your credentials in /tmp, and they won't be there. They won't be anywhere else either, they're just gone, along with the kinit process that owned that storage, but that would be what you wanted.Donn Cave, [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos--- End Message ---
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
