SCIENTIFIC-LINUX-USERS Archives

October 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Problem with kcheckpass and kerberos
From:
Jan Iven <[log in to unmask]>
Reply To:
Jan Iven <[log in to unmask]>
Date:
Fri, 10 Oct 2008 00:12:26 +0200
Content-Type:
text/plain
Parts/Attachments:
text/plain (17 lines) 
On 10/09/2008 08:18 AM, Doug Johnson wrote:
[..]
> I can get around the problem by doing a kdestroy before getting the
> second Kerberos ticket, but that seems like a kluge that users will not
> like. 

you might want to create/provide a small "kinit.remote" wrapper that 
sets up a different credential cache (export 
KRB5CCNAME=FILE:/tmp.someplace), runs kinit for the new realm, warns the 
user about the TGT for the different realm being available in that 
terminal window only and e.g sets white on white text colours (security 
through opacity?) similar to
/afs/cern.ch/user/i/iven/public/kinit.win ..

Regards
Jan

ATOM RSS1 RSS2