Greg Hudson <[email protected]> writes:

> Prior to the 1.11 release, there is no config file setting for the
> default credential cache. The only discovery mechanisms are the
> KRB5CCNAME environment variable (which is often set by the login system,
> if pam_krb5 is in use) and the hardcoded default of /tmp/krb5cc_NNNN.

> In the 1.11 release, the default credential cache can be specified in
> the [libdefaults] section of /etc/krb5.conf with the default_ccache_name
> variable. The value is subject to parameter expansion as described here:

> http://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html#parameter-expansion

Note that if you're using a Kerberos PAM module, you will probably need to
separately configure its cache location, since most Kerberos PAM modules
don't use the library default. The library default has been
/tmp/krb5cc_NNNN for ages, and that default cache naming doesn't allow for
a separate ticket cache per login session (which is normally the behavior
people want). Therefore, most PAM modules have their own independent
defaults.

For mine, for example:

    When pam_setcred() is called to initialize a new ticket cache, the
    environment variable KRB5CCNAME is set to the path to that ticket
    cache. By default, the cache will be named /tmp/krb5cc_UID_RANDOM
    where UID is the user's UID and RANDOM is six randomly-chosen letters.
    This can be configured with the ccache and ccache_dir options.

-- 
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
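
The discovery order described in this thread for 1.11 and later (KRB5CCNAME, then default_ccache_name, then the hardcoded default), as an added example that is not part of the original messages or of MIT krb5. It is a simplified model: the function names are hypothetical, only the %{uid}, %{euid}, %{USERID}, %{username} and %{null} expansions are handled, include directives are ignored, and NNNN is assumed to be the numeric UID.

```python
import re

# Hardcoded library default from the thread (/tmp/krb5cc_NNNN), with NNNN
# assumed to be the numeric UID and written as a parameter expansion.
HARDCODED_DEFAULT = "FILE:/tmp/krb5cc_%{uid}"

def read_default_ccache_name(conf_text):
    """Return default_ccache_name from [libdefaults], or None if unset."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        header = re.match(r"\[(\w+)\]$", line)
        if header:
            section = header.group(1)
            continue
        if section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "default_ccache_name":
                return value  # first relation found is used
    return None

def expand(template, uid, username):
    """Expand the subset of %{...} parameters this sketch supports."""
    tokens = {"uid": str(uid), "euid": str(uid), "USERID": str(uid),
              "username": username, "null": ""}
    # Unknown tokens are left untouched so they stay visible to the caller.
    return re.sub(r"%\{(\w+)\}",
                  lambda m: tokens.get(m.group(1), m.group(0)), template)

def resolve_ccache(env, conf_text, uid, username):
    """Return (cache name, source) following the order in the thread."""
    # 1. KRB5CCNAME wins; this is how a PAM module's per-session cache
    #    takes effect for processes started inside that session.
    if env.get("KRB5CCNAME"):
        return env["KRB5CCNAME"], "KRB5CCNAME"
    # 2. default_ccache_name in [libdefaults] (1.11 and later).
    configured = read_default_ccache_name(conf_text)
    if configured:
        return expand(configured, uid, username), "default_ccache_name"
    # 3. Hardcoded default: one cache per UID, shared by every session.
    return expand(HARDCODED_DEFAULT, uid, username), "hardcoded default"

def shared_across_sessions(source):
    """True when the name is derived from config alone, not per session."""
    return source != "KRB5CCNAME"
```

A result whose source is not KRB5CCNAME means every login session of that user resolves to the same cache, which is the behaviour the reply says most PAM modules avoid with their own defaults.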
