Cannot override default credential cache location

[Lewis Rosenthal]

This is the real issue underlying #2, I think.

Documentation says that the default credential location, DEFCCNAME, hardcoded as FILE:/tmp/krb5cc_%{uid} on *nix systems (see ​http://web.mit.edu/kerberos/krb5-1.12/doc/mitK5defaults.html#paths) may be overridden either by setting default_ccache_name in krb5.conf or by setting the env var, KRB5CCNAME. However, it appears that neither of these actually override DEFCCNAME.

Workarounds include ensuring that the klibc path rewriter is installed or even manually creating \tmp on the same volume on which the session is currently logged.

[Lewis Rosenthal]

It seems that with:

7-04-15 6:02 160,318 124 klist.exe

Environment variables work for, say:

[c:\]set KRB5CCNAME=FILE:%TEMP%/krb5cc_0

but setting default_ccache_name in the [libdefaults] section of krb5.conf as:

default_ccache_name = FILE:%{TEMP}/krb5cc_%{uid}

does not. I can't tell whether the parameter expansion is completely skipped, but we fall back on the compiled default of /tmp/krb5cc_0.

So, this one is half fixed, I think. ;-)

[Paul Smedley]

Those docs are for MIT kerberos, not heimdal.... not sure that heimdal supports this statement

[Paul Smedley]

ok, so default_cc_name is the correct value for heimdal. It fails as it's splitting the path based on a colon. so with home=c:/home/default it tries to load krb5.conf first from c then from /home/default

[Lewis Rosenthal]

Oops, yes, I should have translated that to Heimdal; sorry. Pesky colon thing, again, I see.

[Paul Smedley]

Test fix sent to @lewisr - once confirmed OK I'll checkin the fix to svn

[Lewis Rosenthal]

Fix works for me, though I think we should look in %ETC% for krb5.conf and not in %HOME%.

We rightly expand %{uid} and %{TEMP} (though not %TEMP%, understandably) in the conf.

[Paul Smedley]

​http://smedley.id.au/tmp/krb5.zip looks in %ETC%

[Lewis Rosenthal]

This one works just as expected, Paul. Thanks.