How to force kerberos to use in memory credential cache?
As explained in the linked document, the memory cache uses the `MEMORY` keyword, so the following should do the job:

    default_ccache_name = MEMORY:

But note that this type of ccache will be destroyed once the process exits. Note that the `:` needs to be present, otherwise it will try to store the ticket in a file called `MEMORY` in the current working directory.
Author: rlf
Updated on September 18, 2022

Comments
- rlf almost 2 years: MIT Kerberos supports multiple types of credential cache to store tickets. For example, if I want to use a persistent keyring per-user in kernel memory I can add the following to `krb5.conf`.

      [libdefaults]
          default_ccache_name = KEYRING:persistent:%{uid}

  One of the options is a ccache in process memory. How do I enable this option?
- arne.z about 7 years: Does this mean that when obtaining the TGT with `kinit <username>` the TGT is destroyed right after `kinit` terminates? As far as I know it only runs for like a second to obtain the TGT and then it exits. What's the use case for such a ccache type?
- Jakuje about 7 years: I didn't try that, but from the manual it looks like that. If you have kerberos set up at hand, what is harder than try that? The manual talks about `kadmin`, which is separate "shell" taking administrative command, where it would make sense (unlike the `kinit` command which is useful for long-term tickets).
- rlf about 7 years: This method does not work! It just creates a file in the current working directory to `kinit` called: "MEMORY". It seems that the default ccache type is `FILE` and if no other recognised keyword is prepended it is assumed to be `FILE`.
- Jakuje about 7 years: Can you try with `MEMORY:`? I don't have kerberos setup at hand.
- rlf about 7 years: Thank you! This indeed works. I couldn't edit the answer to reflect this as there weren't enough character changes; I will happily accept it when the answer gets updated.
- Jakuje about 7 years: I updated the answer.
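
The missing-colon pitfall worked out in the answer and comments above can be caught before deployment. The following check is an added example, not code from the original thread or from MIT Kerberos: it reads `default_ccache_name` from a flat `[libdefaults]` section and reports when tickets would land on disk. The function names and sample configs are constructed for illustration, and the parser assumes no nested `{}` subsections or include directives.

```python
import re

# ccache type keywords documented for MIT Kerberos.
KNOWN_TYPES = {"API", "DIR", "FILE", "KCM", "KEYRING", "MEMORY", "MSLSA"}
# Types that keep tickets in files on disk.
ON_DISK = {"FILE", "DIR"}


def classify_ccache(name):
    """Split 'TYPE:residual'; without a ':' the whole string is a FILE path."""
    prefix, sep, residual = name.partition(":")
    return (prefix, residual) if sep else ("FILE", name)


def audit_krb5_conf(text):
    """Return (ccache_type, residual, warnings) for default_ccache_name."""
    section, value = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, _, val = line.partition("=")
            if key.strip() == "default_ccache_name":
                value = val.strip()
    if value is None:
        return None, None, ["default_ccache_name is not set in [libdefaults]"]
    ctype, residual = classify_ccache(value)
    warnings = []
    if ":" not in value and value.upper() in KNOWN_TYPES:
        warnings.append(f"'{value}' has no ':' and is read as a file named {value}")
    if ctype in ON_DISK:
        warnings.append(f"tickets are written to disk ({ctype}:{residual})")
    elif ctype not in KNOWN_TYPES:
        warnings.append(f"unrecognised ccache type '{ctype}'")
    return ctype, residual, warnings


# Constructed sample configs: the broken and working forms from the thread.
BROKEN = "[libdefaults]\n    default_ccache_name = MEMORY\n"
FIXED = "[libdefaults]\n    default_ccache_name = MEMORY:\n"
KEYRING = "[libdefaults]\n    default_ccache_name = KEYRING:persistent:%{uid}\n"

if __name__ == "__main__":
    for conf in (BROKEN, FIXED, KEYRING):
        print(audit_krb5_conf(conf))
```

The check covers only the config file; a `KRB5CCNAME` environment variable set for the process takes precedence over `default_ccache_name` and should be reviewed separately.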