[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kinit and old credentials

On Thu, 20 Mar 2003, Love wrote:

> All format of the credential cache stores a `primary principal' in the
> cache, and that principal is extracted with krb5_cc_get_principal().
> However, this is redudant information, since all krb5_creds within the
> credential cache have both the client and server principal stored within
> them.
> So, the file technically support it. And the interface kind of supports it,
> none of the applications uses it. I'm trying to not sound negative here,
> just presenting the facts. I'm all for fixing this problem.
> Example. I've got two tgt in my cache, one for lha@E.KTH.SE and
> lha@NADA.KTH.SE, I ssh to shell.stacken.kth.se. What do I want to use ?
> I guess the answer is the primary principal.

I don't know a lot of the internals, but for me it should be something
like that: First of all it tries to use the primary principal. If this is
not successful it will try all other TGTs from the cache one after


Andreas Haupt         E-Mail: ahaupt@ifh.de
 DESY Zeuthen
 Platanenallee 6
 15738 Zeuthen