This is really impractical, since most applications attempt to use tickets for the default principal named in the ticket. Unless [all of] your applications intend explicitly acquire credentials for a named [client] principal, a single credential's cache is going to be difficult.
My personal recommendation would be: 1 - use a single realm if politics and other factors permit (if you've already set up three realms, then there are factors prohibiting you from doing this). 2 - have each your users belong to a single realm and enable trust across realms (note, some apps only authorize users in the local realm). In this case each user will have a single identity, not three. 3 - have users use separate credential cache files for each realm (defined via KRB5CCNAME). If you can figure out a way to automate this for your users, you'll save them huge headaches. >>>>> "Grace" == Grace Tsai <[EMAIL PROTECTED]> writes: Grace> Hi, Grace> We have three different realms listed in our krb5.conf file. Grace> How can we let users keep credentials given by different realms Grace> into the same /tmp/krb5cc_<uid> file? Grace> Thanks in advance. Grace> Grace Grace> ________________________________________________ Grace> Kerberos mailing list [EMAIL PROTECTED] Grace> https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
