[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kinit and old credentials

On Wed, 19 Mar 2003, Love wrote:

> Andreas Haupt <ahaupt@ifh.de> writes:
> > Hello,
> >
> > I wonder if there is a way to retain the old credentials when doing kinit.
> > Here is an example: You've got your credentials for your home realm at
> > login. Now you want to get credentials for another realm. After you did
> > kinit user@ANOTHER.REALM your original credentials are lost.
> >
> > Well, you could specify another credentials cache name, but that's not
> > very transparent. You would have to switch $KRB5CCNAME everytime you want
> > to use the other cache (e.g. for ssh).
> I use diffrent xterm (with title set to something sane) that have diffrent
> > So my question is: Is there a way to do this transparently?
> I've been thinking about having a process that holds your credentials. Then
> you can specify current default principal that the process should return to
> the library.
> Then the process could do other things too, like renewing credentials that
> are about to expire, ask you for a password when you asked for a default
> principal that doesn't exists, etc.

Isn't it possible to let kinit work like the klog from OpenAFS? After
looking at the code of it, I still haven't understood why it works - but
it works!

When doing klog the new credentials are just appended to the (krb4) ticket


Andreas Haupt         E-Mail: ahaupt@ifh.de
 DESY Zeuthen
 Platanenallee 6
 15738 Zeuthen