On Thu, Sep 6, 2012 at 3:54 PM, Kevin Longfellow <[email protected]> wrote:
> user logs in and runs kinit [email protected]
> user accesses KerberizedNFS home areas in REALM1.COM
>
> user now needs access to KerberizedNFS areas in REALM2.COM
>
> Can they simply run kinit [email protected] and both realms tgt/tgs will be
> maintained separately with both NFS areas being accessible?
>
> or
>
> When they run kinit [email protected] will that remove the tgt/tgs for
> REALM1.COM and remove access to REALM1.COM Kerberized nfs areas?
With traditional "FILE:" ccaches (e.g. the default
FILE:/tmp/krb5cc_*), the latter – the old cache will get destroyed and
a new one created in its place.
With directory ccaches ("DIR:/path"), the former – the old cache will
remain, and a new one will be added to the collection. (`klist -l`
shows the contents.)
However, the DIR type is only supported as of MIT Krb5 v1.10 and needs
at least nfs-utils v1.2.7-rc5, as well as reconfiguring the client
systems – both to create DIR ccaches on login (instead of FILE) and to
use DIR for the default ccache.
--
Mantas Mikulėnas
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
