hi, When implementing rsyslog with gssapi (http://www.rsyslog.com/doc/gssapi.html) I came accross the issue that the rsyslog software expects the credentials cache of the host principal in /tmp/krb5cc_0; the centos 6.5 hosts joined to a freeipa kerberos domain save that to /var/tmp/host_0 .
I tried setting this: KRB5CCNAME='/var/tmp/host_0' or variations on that (double inverted comma's, no comma's) in /etc/sysconfig/rsyslog which is the place where one expect to declare such a variable in redhat/centos systems because that file is sourced by the init scrip of rsyslog. But unfortunately rsyslog kept requesting the /tmp/krb5cc_0 file. Copying /var/tmp/host_0 over /tmp/krb5cc_0 solves this problem and then one can relay syslog messages using kerberos authentication, but it is not really elegant. So I asked on the rsyslog list and its main developper asked me what function should be called to implement the KRB5CCNAME variable for that application. Could you give me any pointers so that he can implement that for rsyslog? Thanks in advance. -- regards, natxo ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos