Has an environment variable for client flags ever been considered? The specific use case I’m thinking about is a situation where a user may want to override a system-wide configuration without the overhead of managing their own KRB5_CONFIG file.
Example: krb5.conf specifies that forwardable tickets are to be requested but a principal is defined which disallows the use of forwardable credentials. If the user could define an environment variable that overrides this and other settings (KRB5_CLIENT_FLAGS=“forwardable=false; ticket_lifetime=10m" for example) they could more easily use a keytab with KRB5_CLIENT_KTNAME, and MEMORY-based credentials. Any of the settable flags that one can define kinit command line could be set in the variable. jd
smime.p7s
Description: S/MIME cryptographic signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
