Concealing keys (not even in NSS)

2016-09-19 Thread Rick van Rein
Hi, I've looked into the mechanism for configurable crypto backends and in particular the NSS backend, which is close to PKCS #11. What I like about PKCS #11 is that it can conceal keys from the libkrb5 library, and thereby from the application's reachable memory. This is not how the NSS crypto

Re: KEYRING:persistent and ssh

2016-09-19 Thread Russ Allbery
tseegerkrb writes:
> I think the sshd daemon does not honor the "default_ccache_name" and uses
> the default file format.
I'm pretty sure you're correct if you're doing GSS-API authentication with ssh. Looking at the source code to sshd, you don't seem to get much choice in

Re: KEYRING:persistent and ssh

2016-09-19 Thread tseegerkrb
Hello, I grepped for KRB5CCNAME in the etc directory and the only match is in "/etc/default/slapd"; this is ok and has nothing to do with the login process. I think the sshd daemon does not honor the "default_ccache_name" and uses the default file format. I use pam_sss instead of pam_krb5. If I