On Tue, Apr 7, 2020 at 8:39 AM Charles Hedrick <hedr...@rutgers.edu> wrote: > > we use a pam module that normalizes the credential cache. If krb5.conf > asks for KEYRING and sshd leaves the cache in /tmp, the code moves it > into KEYRING and updates KRB5CCNAME.
Is this pam module open-source? It sounds like you've implemented what Russ described earlier in this thread. > However there’s a gotcha. Kerberized NFS uses (by default) the > currently selected principal. So for a collection to be useful, we > also have a ccselect plugin to make sure that NFS (actually rpc.gssd) > always gets the right principal from the collection. I'm interested in this as well, if it's open-source! - Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos