Donn Cave wrote:

>> I will tell you what I am trying to achieve, perhaps you can give me
>> advice.
>>
>> I "kinit -f" on the client box at home and then ssh to the server box
>> at work. On the server box, I have screen(1) running, which I
>> reattach after login and detach before logout. It runs for weeks and
>> even months on end.
>>
>> You know that all screen "sessions" or "windows" inherit the
>> environment variables from the shell where screen was started
>> initially. So, $KRB5CCNAME in the screen "sessions" points to stale
>> credential caches, even though the fresh credentials have been
>> correctly forwarded from the client machine and are available in some
>> new place (but there is no way to inform the applications within
>> screen about this new place).
>>
>> I would like to achieve that if my credentials have been forwarded to
>> the server box, they should be refreshed in all the screen windows.
>
> That certainly must be a manual operation. I don't use screen,
> but I suppose you have a number of concurrent shell processes,

The applications running under screen are not necessarily shell
processes. They could be applications like a mail client, IRC client
etc.

> and they are not really aware of this connect/disconnect cycle,

Correct.

> so they have no way to know when it's time to update KRB5CCNAME.
> You must therefore enter some command, in each window, to get
> them to do that.
>
> The command can be a simple one, if you use an alias or shell
> procedure. Your shell startup can save the value of KRB5CCNAME
> somewhere so the old screen shell can find it.

However, a manual operation could be easily avoided if I could
persuade sshd to store the forwarded credentials always in the same
place. For example, telnetd does not do any such fancy things with
unique KRB5CCNAME for each new login.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/[EMAIL PROTECTED] http://vas.tomsk.ru/
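The "save KRB5CCNAME at login, reload it in the old screen shell" approach suggested in the quoted reply could look like the sketch below. It is an added example, not code from either poster; the function names krb5cc_save and krb5cc_refresh and the pointer file ~/.krb5ccname are assumptions, and only file-based caches are handled.

```shell
# Added example: names and the pointer-file path are assumptions,
# not taken from the thread. Handles FILE: caches only.
KRB5CC_POINTER="${KRB5CC_POINTER:-$HOME/.krb5ccname}"

# Call from the login shell's startup file on each new ssh login.
krb5cc_save() {
    # screen sets $STY in its windows; there KRB5CCNAME is the stale
    # value, so a screen window must never overwrite the pointer.
    [ -z "${STY:-}" ] || return 1
    [ -n "${KRB5CCNAME:-}" ] || return 1
    # Write a private temp file, then rename, so readers never see a
    # partial value and other users cannot read the cache location.
    ( umask 077; printf '%s\n' "$KRB5CCNAME" > "$KRB5CC_POINTER.$$" ) &&
        mv -f "$KRB5CC_POINTER.$$" "$KRB5CC_POINTER"
}

# Call by hand (or via an alias) in a shell inside an old screen window.
krb5cc_refresh() {
    [ -r "$KRB5CC_POINTER" ] || return 1
    IFS= read -r _cc < "$KRB5CC_POINTER" || return 1
    case $_cc in
        FILE:*) _path=${_cc#FILE:} ;;
        /*)     _path=$_cc ;;
        *)      return 1 ;;   # other cache types are not handled here
    esac
    # Adopt the cache only if it still exists and belongs to this user;
    # otherwise keep the current KRB5CCNAME untouched.
    [ -f "$_path" ] && [ -O "$_path" ] || return 1
    KRB5CCNAME=$_cc
    export KRB5CCNAME
}
```

Only a shell that runs krb5cc_refresh picks up the new cache; programs already running inside screen keep the environment they were started with.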
