>>>>> Denis Feklushkin <denis.feklush...@gmail.com> writes:
>>>>> В Срд, 11/01/2012 в 18:13 +0700, Ivan Shmakov пишет:

[…]

 > But this is not normal simultaneous operation.

        Yes, it seems to be impossible to use several credentials'
        caches at the same time (other than, possibly, by using
        setenv(3) to change the value of KRB5CCNAME at certain places
        within the client's code.)  Yet, it's only necessary when one
        client has to access several database clusters, belonging to
        different Kerberos realms, among whose there's no trust.

 > Also I think that the ticket automatically will not be prolongated,
 > for example.

        I've never seen the tickets refreshing automatically without the
        explicit use of either $ kinit -R or krenew(1).

 > Ideally would like to be able to get this:

 > $ klist -l
 > Name                      Cache name             Expires         
 > f...@example.org           /tmp/foo_krb5cc_1000   Jan 12 05:36:02   *
 > b...@example.org           /tmp/bar_krb5cc_1000   Jan 12 05:36:27   *

 > And the system could automatically choose the right credentials...

        The question is: how?  Especially given that the database user
        identifier and the Kerberos identifier may have nothing in
        common.

[…]

-- 
FSF associate member #7257



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to