Opened 3 years ago

Closed 3 years ago

#6 closed defect (fixed)

Cannot override default credential cache location

Reported by: lewisr Owned by:
Priority: major Milestone: Heimdal - 1.5.3
Component: general Version: Heimdal - 1.5.3
Keywords: credential cache, ticket cache Cc:

Description

This is the real issue underlying #2, I think.

Documentation says that the default credential location, DEFCCNAME, hardcoded as FILE:/tmp/krb5cc_%{uid} on *nix systems (see http://web.mit.edu/kerberos/krb5-1.12/doc/mitK5defaults.html#paths) may be overridden either by setting default_ccache_name in krb5.conf or by setting the env var, KRB5CCNAME. However, it appears that neither of these actually override DEFCCNAME.

Workarounds include ensuring that the klibc path rewriter is installed or even manually creating \tmp on the same volume on which the session is currently logged.

Change History (9)

comment:1 Changed 3 years ago by lewisr

  • Component changed from distribution to general

comment:2 Changed 3 years ago by lewisr

It seems that with:

7-04-15 6:02 160,318 124 klist.exe

Environment variables work for, say:

[c:\]set KRB5CCNAME=FILE:%TEMP%/krb5cc_0

but setting default_ccache_name in the [libdefaults] section of krb5.conf as:

default_ccache_name = FILE:%{TEMP}/krb5cc_%{uid}

does not. I can't tell whether the parameter expansion is completely skipped, but we fall back on the compiled default of /tmp/krb5cc_0.

So, this one is half fixed, I think. ;-)

comment:3 Changed 3 years ago by psmedley

Those docs are for MIT kerberos, not heimdal.... not sure that heimdal supports this statement

comment:4 Changed 3 years ago by psmedley

ok, so default_cc_name is the correct value for heimdal. It fails as it's splitting the path based on a colon. so with home=c:/home/default it tries to load krb5.conf first from c then from /home/default

comment:5 Changed 3 years ago by lewisr

Oops, yes, I should have translated that to Heimdal; sorry. Pesky colon thing, again, I see.

comment:6 Changed 3 years ago by psmedley

Test fix sent to @lewisr - once confirmed OK I'll checkin the fix to svn

comment:7 Changed 3 years ago by lewisr

Fix works for me, though I think we should look in %ETC% for krb5.conf and not in %HOME%.

We rightly expand %{uid} and %{TEMP} (though not %TEMP%, understandably) in the conf.

comment:8 Changed 3 years ago by psmedley

comment:9 Changed 3 years ago by lewisr

  • Resolution set to fixed
  • Status changed from new to closed

This one works just as expected, Paul. Thanks.

Note: See TracTickets for help on using tickets.