On Tue, 2016-09-27 at 15:20 +0200, Tina Harriott wrote: > On 16 September 2016 at 16:02, t Seeger <tseeger...@gmail.com> wrote: > > Hello, > > > > i have a little problem with the 'KRB5CCNAME' environment variable. I set > > the default_ccache_name to KEYRING:persistent:%{uid} but if i login it is > > set to "file:/tmp/krb5cc_${uid}_XXXXXXXXXX" cause ssh sets the KRB5CCNAME > > to file:/tmp/krb5cc_${uid}_XXXXXXXXXX... > > I found a workaround with adding "unset KRB5CCNAME" to /etc/bash.bashrc but > > this is not very nice. > > Did anyone had a similar problem and found a solution? > > > > Many thanks in advance and best regards > > ________________________________________________ > > Kerberos mailing list Kerberos@mit.edu > > https://mailman.mit.edu/mailman/listinfo/kerberos > > FYI KEYRING: will be removed in future versions of Linux kernel > because of the ongoing design defects.
Could you please provide the source of this rumor ? As far as I know this statement is false. > Also, KEYRING is not secure, under certain scenarios (DOCKER&et al) > unrelated users/uids can obtain the secure data. We are working upstream to properly namespace the keyring too, once done the container's case will be addressed too. Simo. -- Simo Sorce * Red Hat, Inc * New York ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos