>Anyway, I checked the krb5 sources, and it is defined in
>lib/krb5/ccache/cc_keyring.c:
>
>/*
> * Keyring name prefix and length of random name part
> */
>#define KRCC_NAME_PREFIX "krb_ccache_"
>#define KRCC_NAME_RAND_CHARS 8
My reading of the code is that random cache name
On Friday, 13 August 2021 20:29:03 CEST Dirk Heinrichs wrote:
> Carson Gaspar:
> > On 8/13/2021 11:01 AM, Dirk Heinrichs wrote:
> >> Tried the setup right away on Debian, but it doesn't work. Seems Debian
> >> adds some random string to the cache name, even if it's set to KEYRING:
> >>
> >>
Markus Köberl:
> ccache and ccache_dir options for pam_krb5 might help.
> Have a look at man pam_krb5.
I'm using pam_sss.
Anyway, I checked the krb5 sources, and it is defined in
lib/krb5/ccache/cc_keyring.c:
/*
* Keyring name prefix and length of random name part
*/
#define
Carson Gaspar:
>
> On 8/13/2021 11:01 AM, Dirk Heinrichs wrote:
>> Tried the setup right away on Debian, but it doesn't work. Seems Debian
>> adds some random string to the cache name, even if it's set to KEYRING:
>>
>> % LC_ALL=C klist|head -1
>> Ticket cache:
On 8/13/2021 11:01 AM, Dirk Heinrichs wrote:
Tried the setup right away on Debian, but it doesn't work. Seems Debian
adds some random string to the cache name, even if it's set to KEYRING:
% LC_ALL=C klist|head -1
Ticket cache: KEYRING:persistent:1000:krb_ccache_inOQJ0u
This may
Jonathan Billings:
> On Fri, Aug 13, 2021 at 05:38:54PM +0200, Dirk Heinrichs wrote:
>> Jonathan Billings:
>>
>>> # Set ccache name
>>> export KRB5CCNAME="KEYRING:persistent:$UID"
>> Am I correct to assume that the "regular" login session also needs to be
>> configured this way?
>>
>> Thanks...
>
Jonathan Billings:
> Yes, I have this in my /etc/krb5.conf:
>
> [libdefaults]
> default_ccache_name = KEYRING:persistent:%{uid}
>
> By default it is "FILE:/tmp/krb5cc_%{uid}" which isn't particularly
> secure, as mentioned earlier in the thread.
Great, thanks a lot.
Bye...
Dirk
--
On Fri, Aug 13, 2021 at 05:38:54PM +0200, Dirk Heinrichs wrote:
>
> Jonathan Billings:
>
> > # Set ccache name
> > export KRB5CCNAME="KEYRING:persistent:$UID"
>
> Am I correct to assume that the "regular" login session also needs to be
> configured this way?
>
> Thanks...
Yes, I have this in
Jonathan Billings:
> # Set ccache name
> export KRB5CCNAME="KEYRING:persistent:$UID"
Am I correct to assume that the "regular" login session also needs to be
configured this way?
Thanks...
Dirk
--
Dirk Heinrichs
Matrix-Adresse: @heini:chat.altum.de
GPG Public Key:
On Thu, Aug 05, 2021 at 05:11:23PM +, spacefrogg-open...@spacefrogg.net
wrote:
> It is as basic as it sounds. Setting up sssd is documented in its
> manpages and gets as complicated and messy as your site requires.
>
> user@.service: We literally changed the ExecStart= directive to a
>
10 matches
Mail list logo
