https://bugzilla.mindrot.org/show_bug.cgi?id=3203
--- Comment #4 from Toby Blake <[email protected]> --- (In reply to Jakub Jelen from comment #3) > Hi, > the current version we use in Fedora lives here so it could have > gone through some updates and fixes since 2 years ago: > > https://src.fedoraproject.org/rpms/openssh/blob/master/f/openssh-7. > 7p1-gssapi-new-unique.patch Hi, this is the patch I've tried to rework for ubuntu. > The new unique cache in the given collection is probably the most > sensible way of doing this. Or you suggest that you would like the > new login to override existing tickets in the ccache? Or you still > see the ccache in /tmp being used? What configuration did you try? What I'd like is to be able to set [libdefaults] default_ccache_name = KEYRING:persistent:%{uid} ... in /etc/krb5.conf and for (gssapi) ssh connections to use this, in the same way that I can set it for PAM connections. This no doubt works under redhat (and indeed it works for us with Scientific Linux 7.8 with the addition of a backported openssh-7.5p1-gss-environment.patch, as discussed in https://bugzilla.redhat.com/show_bug.cgi?id=1199363) I think I need to look at the gssapi-new-unique patch again, with a more complete understanding of the relevant code areas. My reworking of it is definitely not doing what it should do. The biggest issue in getting this working is the divergent code bases between redhat and ubuntu (in particular, I suspect, the gsskex patch). This is why I'd much prefer this issue to be fixed upstream. Pending that, I'll look again at the the unique patch. Cheers Toby -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
