Re: KRB5CCNAME and sshd



"Douglas E. Engert" wrote:
>>
>> I have "GSSAPIAuthentication yes" in sshd_config on the server machine
>> and in ssh_config on the client machine.
>>
>> Each time I ssh into the server machine, the value of KRB5CCNAME
>> (probably set by sshd) is different. Is there a way to keep it
>> the same every time I login?
>
> Not really. Most people want session based credential caches,
> so that multiple sessions on the same machine do not interfere with
> each other. SSH will delete the session cache at the end of a session
> if it created it.
>
> But then again you might want to be able to refresh credentials,
> in your other sessions. This could be done manually by replacing
> the UID based common cache and unsetting the KRB5CCNAME set by sshd.
> But don't destroy the shared cache. Watch out for console logins
> that usually use the default cache name.

I will tell you what I am trying to achieve, perhaps you can give me
advice.

I "kinit -f" on the client box at home and then ssh to the server box
at work. On the server box, I have screen(1) running, which I
reattach after login and detach before logout. It runs for weeks and
even months on end.

You know that all screen "sessions" or "windows" inherit the
environment variables from the shell where screen was started
initially. So, $KRB5CCNAME in the screen "sessions" points to stale
credential caches, even though the fresh credentials have been
correctly forwarded from the client machine and are available in some
new place (but there is no way to inform the applications within
screen about this new place).

I would like to achieve that if my credentials have been forwarded to
the server box, they should be refreshed in all the screen windows.
>
>>
>> The value of "/tmp/krb5cc_NN" where NN is my uid would be fine.
>>
>> I am running OpenSSH 3.8.1 on FreeBSD 5.x
>>
>

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
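
The manual refresh suggested in the quoted reply (replace the UID based common cache, then stop using the per-session KRB5CCNAME) can be scripted. This is an added example, not part of the original message or of OpenSSH; the function name `refresh_shared_ccache` is hypothetical, and it assumes FILE-type caches with the shared cache at `/tmp/krb5cc_<uid>`.

```shell
# Added example, not from the thread. Assumes FILE: caches and that the
# shared (default) cache is DIR/krb5cc_<uid>, the name the poster asks for.
# Usage at login: refresh_shared_ccache "$KRB5CCNAME"
# Prints the shared cache path on success; never deletes the shared cache.
refresh_shared_ccache() {
    src=$1
    dir=${2:-/tmp}
    dst="$dir/krb5cc_$(id -u)"

    case $src in
        FILE:*) src=${src#FILE:} ;;
        /*)     ;;
        *)      echo "unsupported ccache: $src" >&2; return 1 ;;
    esac

    # The source must be a regular file we own, not a symlink planted in /tmp.
    if [ -L "$src" ] || [ ! -f "$src" ] || [ ! -O "$src" ]; then
        echo "refusing source: $src" >&2; return 1
    fi
    # Do not write through a symlink or onto something we do not own.
    if [ -L "$dst" ]; then
        echo "refusing target: $dst" >&2; return 1
    fi
    if [ -e "$dst" ] && { [ ! -f "$dst" ] || [ ! -O "$dst" ]; }; then
        echo "refusing target: $dst" >&2; return 1
    fi
    if [ "$src" = "$dst" ]; then echo "$dst"; return 0; fi

    # mktemp creates the file mode 0600; rename makes the swap atomic, so
    # long-running screen windows never read a half-written cache.
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    if cat "$src" > "$tmp" && mv -f "$tmp" "$dst"; then
        echo "$dst"
    else
        rm -f "$tmp"; return 1
    fi
}
```

Inside the long-running screen windows, KRB5CCNAME then has to be unset (or pointed at the printed path) once, so that applications there read the shared cache instead of the stale per-session one.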