>>>>> Denis Feklushkin <[email protected]> writes:
>>>>> В Срд, 11/01/2012 в 18:13 +0700, Ivan Shmakov пишет:
[…]
> But this is not normal simultaneous operation.
Yes, it seems to be impossible to use several credentials'
caches at the same time (other than, possibly, by using
setenv(3) to change the value of KRB5CCNAME at certain places
within the client's code.) Yet, it's only necessary when one
client has to access several database clusters, belonging to
different Kerberos realms, among whose there's no trust.
> Also I think that the ticket automatically will not be prolongated,
> for example.
I've never seen the tickets refreshing automatically without the
explicit use of either $ kinit -R or krenew(1).
> Ideally would like to be able to get this:
> $ klist -l
> Name Cache name Expires
> [email protected] /tmp/foo_krb5cc_1000 Jan 12 05:36:02 *
> [email protected] /tmp/bar_krb5cc_1000 Jan 12 05:36:27 *
> And the system could automatically choose the right credentials...
The question is: how? Especially given that the database user
identifier and the Kerberos identifier may have nothing in
common.
[…]
--
FSF associate member #7257
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
