> On Dec 12, 2022, at 3:24 PM, Greg Hudson <ghud...@mit.edu> wrote: > > On 12/12/22 14:04, John Devitofranceschi wrote: >> % cat mykrb5.conf >> [libdefaults] >> default_ccache_name = FILE:/my_ccache_location/krbcc_%{uid} >> include /etc/krb5.conf > >> I cannot find a description of the behaviour of the ‘include’ directive with >> respect to this kind of thing. > > https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html#structure >
> is the documentation we have on the include directive. Your example should > work. Yeah, I read that. It doesn’t really address the precedence question though, does it? Thanks for the confirmation! > > In the profile model, a relation can have one or more values, with the order > of values determined by the order of appearance. Some variables have a > defined meaning for multiple values (like "kdc" in a realm section), but most > variables, including default_ccache_name, only have meaning for a single > value. > > Unfortunately, different parts of the code are not consistent in how they > handle multiple values for a single-value variable. For variables handled > through libkrb5, like default_ccache_name, the first value is used. So in > your example, your default_ccache_name setting would take precedence over one > defined in the system krb5.conf, because it was read first. > I did come to this conclusion through experimentation (at least for my particular use-cases). Thanks again, jd
smime.p7s
Description: S/MIME cryptographic signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos