[OpenAFS] Redux: Linux: systemctl --user vs. AFS

Dirk Heinrichs dirk.heinrichs@altum.de
Sun, 15 Aug 2021 17:17:17 +0200 

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--OYiMOVTdOquhAnIgGlsy9w0hndtKPGA0P
Content-Type: multipart/mixed; boundary="Qi4tdSiZcuB80fUXcBbYzamwDzuhqhLhN";
 protected-headers="v1"
From: Dirk Heinrichs <dirk.heinrichs@altum.de>
To: openafs-info@openafs.org
Message-ID: <0b675a10-8da2-1140-4cf3-05a04f941009@altum.de>
Subject: Re: [OpenAFS] Redux: Linux: systemctl --user vs. AFS
References: <7f6d69d7-859d-722b-74a3-73e23621bca5@altum.de>
 <bacd6693-5179-6a49-6331-2e7459218bab@taltos.org>
 <7bba65ca-b1a6-416c-607e-b5526bfbee43@altum.de> <5489034.DvuYhMxLoT@debian>
 <da66d25a-22e3-c451-01db-d591b4155464@altum.de>
 <202108140420.17E4JuVP001593@hedwig.cmf.nrl.navy.mil>
In-Reply-To: <202108140420.17E4JuVP001593@hedwig.cmf.nrl.navy.mil>

--Qi4tdSiZcuB80fUXcBbYzamwDzuhqhLhN
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US

Ken Hornstein:

>> Anyway, I checked the krb5 sources, and it is defined in
>> lib/krb5/ccache/cc_keyring.c:
>>
>>    /*
>>    =C2=A0* Keyring name prefix and length of random name part
>>    =C2=A0*/
>>    #define KRCC_NAME_PREFIX "krb_ccache_"
>>    #define KRCC_NAME_RAND_CHARS 8
> My reading of the code is that random cache name is only used _if_ you
> call the function krb5_cc_gen_new(), which suggests to me that pam_sss
> or something pam_sss is calling is explicitly doing that (most Kerberos=

> programs simply call krb5_cc_default() which should result in it taking=

> a compiled-in default or whatever you specify in krb5.conf).

Switched from sssd to winbind and got it to work using the standard FILE
cache type. With KEYRING, something(TM) added the ":${UID}" suffix twice.=
=2E.

Bye...

=C2=A0=C2=A0=C2=A0 Dirk

--=20
Dirk Heinrichs <dirk.heinrichs@altum.de>
Matrix-Adresse: @heini:chat.altum.de
GPG Public Key: 80F1540E03A3968F3D79C382853C32C427B48049
Privacy Handbuch: https://www.privacy-handbuch.de



--Qi4tdSiZcuB80fUXcBbYzamwDzuhqhLhN--

--OYiMOVTdOquhAnIgGlsy9w0hndtKPGA0P
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQBbRZ091iOtChJXdXJlzdNRFS0TAUCYRkv/QAKCRDJlzdNRFS0
THM5AP0RTTr5FaykThsycD1PbWBouEIfE1GFbeHcvODfDTsGgwD/TmoBDykqYXhJ
hbrtrGy54Ow9XXUcmEg5xLmxApqDdgs=
=a0mk
-----END PGP SIGNATURE-----

--OYiMOVTdOquhAnIgGlsy9w0hndtKPGA0P--