> On Dec 12, 2022, at 3:24 PM, Greg Hudson <ghud...@mit.edu> wrote:
>
> On 12/12/22 14:04, John Devitofranceschi wrote:
>> % cat mykrb5.conf
>> [libdefaults]
>> default_ccache_name = FILE:/my_ccache_location/krbcc_%{uid}
>> include /etc/krb5.conf
>
>> I cannot find a description of the behaviour of the ‘include’ directive with
>> respect to this kind of thing.
>
> https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_files/krb5_conf.html#structure
>> is the documentation we have on the include directive. Your example should > work. Yeah, I read that. It doesn’t really address the precedence question though, does it? Thanks for the confirmation! > > In the profile model, a relation can have one or more values, with the order > of values determined by the order of appearance. Some variables have a > defined meaning for multiple values (like "kdc" in a realm section), but most > variables, including default_ccache_name, only have meaning for a single > value. > > Unfortunately, different parts of the code are not consistent in how they > handle multiple values for a single-value variable. For variables handled > through libkrb5, like default_ccache_name, the first value is used. So in > your example, your default_ccache_name setting would take precedence over one > defined in the system krb5.conf, because it was read first. > I did come to this conclusion through experimentation (at least for my particular use-cases). Thanks again, jd
smime.p7s
Description: S/MIME cryptographic signature
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
