[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: KRB5CCNAME for kinit and pam_krb5

To: Chris Hamilton <chris@ambigc.com>
Subject: Re: KRB5CCNAME for kinit and pam_krb5
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 22 Aug 2005 21:34:25 +1000
Cc: heimdal-discuss@sics.se
In-Reply-To: <20050822080946.5zkn1y03scv4g4sk@mail.ambigc.com>
References: <20050822080946.5zkn1y03scv4g4sk@mail.ambigc.com>
Sender: owner-heimdal-discuss@sics.se

On Mon, 2005-08-22 at 08:09 +0800, Chris Hamilton wrote:
> Hi, I have been using kerberos for mail, web, etc. logins.  I have just started
> using kerberos for shell logins and noticed that KRB5CCNAME is not being
> generated in kinit for Heimdal 0.6.4.  

kinit cannot set anything into the environment of the parent shell.
Because pam_krb5 (being run in /sbin/login, or gdm for example) is the
parent of your shell,  it can set it there.  Kinit creates a file based
on your uid only, in /tmp.  Other users of the kerberos API know to
first look for the KRB5CCNAME, then that default name.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

This is a digitally signed message part

References:
- KRB5CCNAME for kinit and pam_krb5
  - From: Chris Hamilton <chris@ambigc.com>

Prev by Date: Changes to PKINIT
Next by Date: Assertion in iprop-master.
Prev by thread: KRB5CCNAME for kinit and pam_krb5
Next by thread: Changes to PKINIT
Index(es):
- Date
- Thread