* Douglas E. Engert ([EMAIL PROTECTED]) wrote: > This would be a "session" cache, and would be created by sshd for example. > the xxxxx is mean to make the name unique. You would want a different > cache for each session, so the sessions would not interfer with each other. > The sshd would also set the KRB5CCNAME env to point to the cache. [...] > Its a feature not a problem.
Actually, it's a rather annoying problem, but not an insurmountable one. I've set up my shell scripts to do what I consider the 'right' thing. Basically they move the forwarded tickets provided by sshd into place, overwritting anything there and then keep a session counter and kdestroy when the last session has exited. This means I can use forwarded tickets with screen and things actually work even when I detach, logoff, logon and reattach to screen. If anyone's curious in the shell script bits (they're not complex) I'd be happy to make them available. Stephen
pgp00000.pgp
Description: PGP signature
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos