Victor Sudakov wrote:
> However, a manual operation could be easily avoided if I could
> persuade sshd to store the forwarded credentials always in the same
> place.
Use the source, Luke. In auth-krb5.c:ssh_krb5_cc_gen, the credentials
cache is generated through
snprintf(ccname, sizeof(ccname),
"FILE:/tmp/krb5cc_%d_XXXXXXXXXX", geteuid());
mkstemp(ccname + strlen("FILE:"));
No provision for non-temp ccnames is made.
So either change the code, or use a different SSH server, or accept
the way things are.
In your specific case, creating a symlink from a fixed ccname to the
session-created one might do the trick.
Regards,
Martin
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
