On Sat, 26 Feb 2005 21:31:29 +0100, Fredrik Tolf <[EMAIL PROTECTED]> wrote: > On Sat, 2005-02-26 at 11:16 -0600, inode0 wrote: > > > > I put my credential cache in a location where it won't be deleted > > either by configuring kerberos to do that by default or by setting the > > appropriate environment variables. That seems to solve this problem > > for me. > > Yeah, but then you actually have to put your ccache in a different > location, manually. That's what I wanted to avoid. :) > IMHO, everything that can be automated should be, so that's what I did.
On machines where I am the sole user, I build kerberos to use a non-standard default location and don't run kdestroy at logout. Otherwise, I set KRB5CCNAME and KRBTKFILE during login. I don't do anything manually during the normal course of events. I agree though that is not well suited to all situations. I just offered it as the way I went about getting around this problem. I didn't mean that it was a better way, just another way. > > This one is more philosophical to me. The situations where I'm using > > screen/kerberos together tend to be on fairly secure machines where > > I'm comfortable leaving long tickets sitting on the machine. Renewing > > them is a bit annoying, but doing that once a month hasn't been that > > annoying to me. Maybe I just haven't quite made the mental adjustment > > going from krb4 philosophy to krb5 yet? > > Again, I think that everything that can be automated should be, so I > decided to automate it and make screen renew the tickets. Also, I'm not > very comfortable with long-lived tickets. Maybe it's just me, but I feel > much better having tickets that can be renewed for a long time, but that > expire sooner. My tickets expire after 10 hrs, but are renewable for 10 > days. I certainly share your discomfort with long tickets in many circumstances. I am comfortable with them on machines that aren't public and that I'm logged into constantly anyway. And those are the machines I typically leave screen sessions hanging around on. This, I think, may be the spot where I just haven't gotten used to the idea of renewable tickets yet. That may well be a better way to go. > Either way, I don't intend to shove the patch down your throat. ;-) Oh, I have no objection to your proposed patch. I also don't have any say in whether it is accepted. Just trying to share what I've been doing to work around the same issues, although my situation may well be sufficiently different from others that it isn't useful in general. Best wishes Fredrik. I heartily applaud you for contributing something of substance that involves two of my favorite things! John _______________________________________________ screen-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/screen-users
