
Re: kinit and old credentials



On Thu, 20 Mar 2003, Love wrote:

> All formats of the credential cache store a `primary principal' in the
> cache, and that principal is extracted with krb5_cc_get_principal().
>
> However, this is redundant information, since all krb5_creds within the
> credential cache have both the client and server principal stored within
> them.
>
> So, the file technically supports it. And the interface kind of supports it,
> none of the applications uses it. I'm trying to not sound negative here,
> just presenting the facts. I'm all for fixing this problem.
>
> Example. I've got two TGTs in my cache, one for lha@E.KTH.SE and
> lha@NADA.KTH.SE, I ssh to shell.stacken.kth.se. What do I want to use?
> I guess the answer is the primary principal.

I don't know a lot of the internals, but for me it should be something
like this: First of all it tries to use the primary principal. If this is
not successful it will try all other TGTs from the cache one after
another.

Andreas

-- 
Andreas Haupt         E-Mail: ahaupt@ifh.de
 DESY Zeuthen
 Platanenallee 6
 15738 Zeuthen
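
The selection order discussed in this thread, as an added example that is not part of either message and is not Heimdal code: a self-contained C model with no krb5 dependency, in which struct cred, tgt_try_order() and the sample cache contents are hypothetical and constructed for illustration. It relies only on what the thread states, namely that every credential carries its own client and server principal, and it lists the primary principal's TGT first, then the other clients' TGTs in cache order.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of one cache entry: like krb5_creds, every
 * entry names both its client and its server principal. */
struct cred { const char *client; const char *server; };

/* Constructed sample cache: two TGTs for different clients plus one
 * service ticket (the service ticket's realm is made up). */
static const struct cred sample_cache[] = {
    { "lha@NADA.KTH.SE", "krbtgt/NADA.KTH.SE@NADA.KTH.SE" },
    { "lha@E.KTH.SE",    "krbtgt/E.KTH.SE@E.KTH.SE" },
    { "lha@E.KTH.SE",    "host/shell.stacken.kth.se@E.KTH.SE" },
};

/* A TGT is a credential whose server principal starts with krbtgt/. */
static int is_tgt(const struct cred *c)
{
    return strncmp(c->server, "krbtgt/", 7) == 0;
}

/* Fill out[] with the client principals whose TGTs should be tried,
 * in order: the primary principal first (pass 0), then every other
 * distinct client in cache order (pass 1). Returns the count. */
int tgt_try_order(const char *primary, const struct cred *cc, int n,
                  const char **out, int max)
{
    int count = 0;
    for (int pass = 0; pass < 2; pass++) {
        for (int i = 0; i < n; i++) {
            int is_primary = strcmp(cc[i].client, primary) == 0;
            if (!is_tgt(&cc[i]) || is_primary != (pass == 0))
                continue;
            int seen = 0;            /* skip clients already listed */
            for (int j = 0; j < count; j++)
                if (strcmp(out[j], cc[i].client) == 0) seen = 1;
            if (!seen && count < max)
                out[count++] = cc[i].client;
        }
    }
    return count;
}

int main(void)
{
    const char *order[4];
    int n = tgt_try_order("lha@E.KTH.SE", sample_cache, 3, order, 4);
    for (int i = 0; i < n; i++)
        printf("%d. %s\n", i + 1, order[i]);
    return 0;
}
```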