[OpenAFS] kerberos keyring per session

Giovanni Bracco giovanni.bracco@enea.it
Tue, 13 Sep 2022 09:36:48 +0200 

We are trying to configure Kerberos (MIT) on Rocky 8.5 so that the user 
ticket is specific for the user session and not for just the user, just 
as one obtains using pags with AFS.

The reason is that on our front-end nodes users often open more than one 
session, and we do not want that a kdestroy in a session deletes tickets 
for all the current user  sessions.

I have seen that the question has been discussed in the past on the 
mailing list
https://lists.openafs.org/pipermail/openafs-info/2019-August/042860.html

but at the moment we try to use not the "persistent" but the "session" 
setting for the cache type.

Kerberos documentation

https://web.mit.edu/kerberos/krb5-1.12/doc/basic/ccache_def.html

is not clear and no examples are available

What is "name"?

KEYRING:session:name - session keyring

Any suggestions or examples?

Giovanni

-- 
Giovanni Bracco
phone  +39 351 8804788
E-mail  giovanni.bracco@enea.it
WWW http://www.afs.enea.it/bracco


==================================================

Questo messaggio e i suoi allegati sono indirizzati esclusivamente alle persone indicate e la casella di posta elettronica da cui e' stata inviata e' da qualificarsi quale strumento aziendale.
La diffusione, copia o qualsiasi altra azione derivante dalla conoscenza di queste informazioni sono rigorosamente vietate (art. 616 c.p, D.Lgs. n. 196/2003 s.m.i. e GDPR Regolamento - UE 2016/679).
Qualora abbiate ricevuto questo documento per errore siete cortesemente pregati di darne immediata comunicazione al mittente e di provvedere alla sua distruzione. Grazie.

This e-mail and any attachments is confidential and may contain privileged information intended for the addressee(s) only.
Dissemination, copying, printing or use by anybody else is unauthorised (art. 616 c.p, D.Lgs. n. 196/2003 and subsequent amendments and GDPR UE 2016/679).
If you are not the intended recipient, please delete this message and any attachments and advise the sender by return e-mail. Thanks.

==================================================