> On 27 Sep 2016, at 15:20, Tina Harriott <tina.harriott.m...@gmail.com> wrote: > >> On 16 September 2016 at 16:02, t Seeger <tseeger...@gmail.com> wrote: >> Hello, >> >> i have a little problem with the 'KRB5CCNAME' environment variable. I set >> the default_ccache_name to KEYRING:persistent:%{uid} but if i login it is >> set to "file:/tmp/krb5cc_${uid}_XXXXXXXXXX" cause ssh sets the KRB5CCNAME >> to file:/tmp/krb5cc_${uid}_XXXXXXXXXX... >> I found a workaround with adding "unset KRB5CCNAME" to /etc/bash.bashrc but >> this is not very nice. >> Did anyone had a similar problem and found a solution? >> >> Many thanks in advance and best regards >> ________________________________________________ >> Kerberos mailing list Kerberos@mit.edu >> https://mailman.mit.edu/mailman/listinfo/kerberos > > FYI KEYRING: will be removed in future versions of Linux kernel > because of the ongoing design defects. > Also, KEYRING is not secure, under certain scenarios (DOCKER&et al) > unrelated users/uids can obtain the secure data. > > Tina > -- > Tina Harriott - Women in Mathematics > Contact: tina.harriott.m...@gmail.com
Thank you for your replay. I have two questions. First can you tell me what is the best practice way to store the credential cache and second where can I find more informations about the plan to remove the KEYRING from the kernel? Thorsten ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos