[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kinit and old credentials



On Wed, 19 Mar 2003, Love wrote:

> Andreas Haupt <ahaupt@ifh.de> writes:
>
> > Hello,
> >
> > I wonder if there is a way to retain the old credentials when doing kinit.
> > Here is an example: You've got your credentials for your home realm at
> > login. Now you want to get credentials for another realm. After you did
> > kinit user@ANOTHER.REALM your original credentials are lost.
> >
> > Well, you could specify another credentials cache name, but that's not
> > very transparent. You would have to switch $KRB5CCNAME everytime you want
> > to use the other cache (e.g. for ssh).
>
> I use diffrent xterm (with title set to something sane) that have diffrent
> KRB5CCNAME set.
>
> > So my question is: Is there a way to do this transparently?
>
> I've been thinking about having a process that holds your credentials. Then
> you can specify current default principal that the process should return to
> the library.
>
> Then the process could do other things too, like renewing credentials that
> are about to expire, ask you for a password when you asked for a default
> principal that doesn't exists, etc.

Isn't it possible to let kinit work like the klog from OpenAFS? After
looking at the code of it, I still haven't understood why it works - but
it works!

When doing klog the new credentials are just appended to the (krb4) ticket
file.

Andreas

-- 
Andreas Haupt         E-Mail: ahaupt@ifh.de
 DESY Zeuthen
 Platanenallee 6
 15738 Zeuthen