[OpenAFS] Redux: Linux: systemctl --user vs. AFS

Ken Hornstein kenh@cmf.nrl.navy.mil
Sat, 14 Aug 2021 00:19:51 -0400


>Anyway, I checked the krb5 sources, and it is defined in
>lib/krb5/ccache/cc_keyring.c:
>
>    /*
>     * Keyring name prefix and length of random name part
>     */
>    #define KRCC_NAME_PREFIX "krb_ccache_"
>    #define KRCC_NAME_RAND_CHARS 8

My reading of the code is that random cache name is only used _if_ you
call the function krb5_cc_gen_new(), which suggests to me that pam_sss
or something pam_sss is calling is explicitly doing that (most Kerberos
programs simply call krb5_cc_default() which should result in it taking
a compiled-in default or whatever you specify in krb5.conf).

--Ken