Hello,

I'm playing around with MIT Kerberos at the moment and have the problem that OpenSSH does not honor the "default_ccache_name" variable in /etc/krb5.conf. It looks like the FILE-based credential cache is hardcoded and OpenSSH sets KRB5CCNAME to it, but I would like to use the KEYRING cache. Is there any way to tell ssh to use the cache set in "default_ccache_name"?

Many thanks in advance and best regards
- Thorsten -

On 03/03/2017 10:17 PM, tseegerkrb wrote:
> Hello, I'm playing around with MIT Kerberos at the moment and have the
> problem that OpenSSH does not honor the "default_ccache_name" variable in
> /etc/krb5.conf. It looks like the FILE-based credential cache is
> hardcoded and OpenSSH sets KRB5CCNAME to it, but I would like to use the
> KEYRING cache. Is there any way to tell ssh to use the cache set in
> "default_ccache_name"? Many thanks in advance and best regards

Hello,

in Fedora and RHEL we have a patch that takes care of this:

http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/openssh-6.3p1-krb5-use-default_ccache_name.patch

I am not sure why it was not driven upstream yet, but in any case, if that would solve your case, feel free to use it; if it would be acceptable upstream, feel free to merge it.

Regards,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat

On 06.03.2017 08:41, Jakub Jelen wrote:
> On 03/03/2017 10:17 PM, tseegerkrb wrote:
>> Hello, I'm playing around with MIT Kerberos at the moment and have the
>> problem that OpenSSH does not honor the "default_ccache_name" variable in
>> /etc/krb5.conf. It looks like the FILE-based credential cache is
>> hardcoded and OpenSSH sets KRB5CCNAME to it, but I would like to use the
>> KEYRING cache. Is there any way to tell ssh to use the cache set in
>> "default_ccache_name"? Many thanks in advance and best regards
>
> Hello,
> in Fedora and RHEL we have a patch that takes care of this:
>
> http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/tree/openssh-6.3p1-krb5-use-default_ccache_name.patch
>
> I am not sure why it was not driven upstream yet, but in any case, if
> that would solve your case, feel free to use it; if it would be
> acceptable upstream, feel free to merge it.
>
> Regards,

Hello,

thanks for your answer. I'm using Debian / Ubuntu and would prefer to get the patch into the upstream package. I'm new to this; how and who do I need to ask to add the patch to the upstream?

Thank you in advance.

Best Regards,
Thorsten
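
The behaviour discussed in this thread can be checked from inside a login session by comparing the cache type in KRB5CCNAME with the one configured in krb5.conf. The script below is an added example, not part of the thread or of the Fedora patch; the function names, the sample krb5.conf and the FILE cache name are constructed, and it assumes `default_ccache_name` sits in `[libdefaults]` of a single file (no `include` directives).

```shell
#!/bin/sh
# Added example: does the session's KRB5CCNAME match krb5.conf's cache type?

# Print default_ccache_name from the [libdefaults] section of file $1.
configured_ccache() {
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_ccache_name[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }' "$1"
}

# Print the cache type of a ccache name; no "TYPE:" prefix means FILE.
ccache_type() {
    case "$1" in *:*) ;; *) echo FILE; return ;; esac
    prefix=${1%%:*}
    case "$prefix" in
        ''|*[!A-Za-z]*) echo FILE ;;
        *) echo "$prefix" ;;
    esac
}

# 0 = types match, 1 = mismatch, 2 = no default_ccache_name configured.
check_ccache() {
    want=$(configured_ccache "$1")
    [ -n "$want" ] || { echo "no default_ccache_name in $1"; return 2; }
    want_type=$(ccache_type "$want")
    have_type=$(ccache_type "$2")
    if [ "$want_type" = "$have_type" ]; then
        echo "ok: session cache type $have_type matches krb5.conf"
    else
        echo "mismatch: krb5.conf wants $want_type, session uses $have_type ($2)"
        return 1
    fi
}

# Constructed sample krb5.conf and a constructed FILE cache name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.COM
    default_ccache_name = KEYRING:persistent:%{uid}
[domain_realm]
    .example.com = EXAMPLE.COM
EOF
check_ccache "$sample" "FILE:/tmp/krb5cc_1000_AbCdEf" || true
```

In a real SSH session, run `check_ccache /etc/krb5.conf "$KRB5CCNAME"` after sourcing the functions; a mismatch means the session cache type differs from the one configured in krb5.conf.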