[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: KRB5CCNAME for kinit and pam_krb5

On Mon, 2005-08-22 at 08:09 +0800, Chris Hamilton wrote:
> Hi, I have been using kerberos for mail, web, etc. logins.  I have just started
> using kerberos for shell logins and noticed that KRB5CCNAME is not being
> generated in kinit for Heimdal 0.6.4.  

kinit cannot set anything into the environment of the parent shell.
Because pam_krb5 (being run in /sbin/login, or gdm for example) is the
parent of your shell,  it can set it there.  Kinit creates a file based
on your uid only, in /tmp.  Other users of the kerberos API know to
first look for the KRB5CCNAME, then that default name.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

This is a digitally signed message part