[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: kinit and old credentials
On Thu, 20 Mar 2003, Love wrote:
> All format of the credential cache stores a `primary principal' in the
> cache, and that principal is extracted with krb5_cc_get_principal().
> However, this is redudant information, since all krb5_creds within the
> credential cache have both the client and server principal stored within
> So, the file technically support it. And the interface kind of supports it,
> none of the applications uses it. I'm trying to not sound negative here,
> just presenting the facts. I'm all for fixing this problem.
> Example. I've got two tgt in my cache, one for lha@E.KTH.SE and
> lha@NADA.KTH.SE, I ssh to shell.stacken.kth.se. What do I want to use ?
> I guess the answer is the primary principal.
I don't know a lot of the internals, but for me it should be something
like that: First of all it tries to use the primary principal. If this is
not successful it will try all other TGTs from the cache one after
Andreas Haupt E-Mail: firstname.lastname@example.org