Re: KEYRING:persistent and ssh

2016-09-28 Thread Simo Sorce
On Wed, 2016-09-28 at 11:43 -0400, Ken Hornstein wrote: > >Storing: Simply on a ram filesystem and use ACLS to tackle it down to > >the list of users who need it. This is pretty much what KEYRING does, > >with a custom nonstandard api. > > FWIW, we are going to KEYRING everywhere; the semantics

Re: KEYRING:persistent and ssh

2016-09-28 Thread Ken Hornstein
>Storing: Simply on a ram filesystem and use ACLS to tackle it down to >the list of users who need it. This is pretty much what KEYRING does, >with a custom nonstandard api. FWIW, we are going to KEYRING everywhere; the semantics for what you want in terms of a credential cache store are almost

Re: KEYRING:persistent and ssh

2016-09-28 Thread Simo Sorce
On Wed, 2016-09-28 at 22:17 +0200, Cedric Blancher wrote: > On 28 September 2016 at 19:01, Simo Sorce wrote: > > On Wed, 2016-09-28 at 11:43 -0400, Ken Hornstein wrote: > >> >Storing: Simply on a ram filesystem and use ACLS to tackle it down to > >> >the list of users who need

Re: KEYRING:persistent and ssh

2016-09-28 Thread Cedric Blancher
On 28 September 2016 at 19:01, Simo Sorce wrote: > On Wed, 2016-09-28 at 11:43 -0400, Ken Hornstein wrote: >> >Storing: Simply on a ram filesystem and use ACLS to tackle it down to >> >the list of users who need it. This is pretty much what KEYRING does, >> >with a custom

Re: KEYRING:persistent and ssh

2016-09-28 Thread Lionel Cons
Storing: Simply on a ram filesystem and use ACLS to tackle it down to the list of users who need it. This is pretty much what KEYRING does, with a custom nonstandard api. FYI by policy CERN has forbidden the use of Linux KEYRING because of several security breaches (info bleeds through chroot)

Re: KEYRING:persistent and ssh

2016-09-28 Thread t Seeger
> On 27 Sep 2016, at 15:20, Tina Harriott wrote: > >> On 16 September 2016 at 16:02, t Seeger wrote: >> Hello, >> >> i have a little problem with the 'KRB5CCNAME' environment variable. I set >> the default_ccache_name to

Re: KEYRING:persistent and ssh

2016-09-28 Thread Simo Sorce
On Tue, 2016-09-27 at 15:20 +0200, Tina Harriott wrote: > On 16 September 2016 at 16:02, t Seeger wrote: > > Hello, > > > > i have a little problem with the 'KRB5CCNAME' environment variable. I set > > the default_ccache_name to KEYRING:persistent:%{uid} but if i login it is