>>>>> Denis Feklushkin <denis.feklush...@gmail.com> writes: >>>>> В Срд, 11/01/2012 в 18:13 +0700, Ivan Shmakov пишет:
[…] > But this is not normal simultaneous operation. Yes, it seems to be impossible to use several credentials' caches at the same time (other than, possibly, by using setenv(3) to change the value of KRB5CCNAME at certain places within the client's code.) Yet, it's only necessary when one client has to access several database clusters, belonging to different Kerberos realms, among whose there's no trust. > Also I think that the ticket automatically will not be prolongated, > for example. I've never seen the tickets refreshing automatically without the explicit use of either $ kinit -R or krenew(1). > Ideally would like to be able to get this: > $ klist -l > Name Cache name Expires > f...@example.org /tmp/foo_krb5cc_1000 Jan 12 05:36:02 * > b...@example.org /tmp/bar_krb5cc_1000 Jan 12 05:36:27 * > And the system could automatically choose the right credentials... The question is: how? Especially given that the database user identifier and the Kerberos identifier may have nothing in common. […] -- FSF associate member #7257 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org