Bugzilla – Full Text Bug Listing
- Home
- | New
- | Browse
- | Search
- | [?]
- | Reports
- | Help
- | New Account
- | Log In
- | Forgot Password
| Summary: | tl-kinit.sh/kinit problem with heimdal and default ccname | ||
|---|---|---|---|
| Product: | ThinLinc | Reporter: | tobias.haas |
| Component: | Misc | Assignee: | Bugzilla mail exporter <bugzilla-qa> |
| Status: | NEW --- | ||
| Severity: | Normal | ||
| Priority: | P2 | ||
| Version: | 4.10.0 | ||
| Target Milestone: | MediumPrio | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Acceptance Criteria: | |||
| Attachments: | Patched tl-kinit.sh | ||
Won't applications ignore $KRB5CCNAME the same way kinit does in those cases? I didn't notice that this is the case. For example klist uses the value in the variable. To me it seems that only on ticket creation the option is applied. But I'm no expert in this topic. Further tests with kdestroy, ldapsearch and Thunderbird (gssapi) gave the same result. They use the value in the variable and not the default value in krb5.conf. |
Created attachment 960 [details] Patched tl-kinit.sh Testing thinlinc on Debian Buster with KCM we noticed that heimdal kinit ignores the KRB5CCNAME environment varible if [appdefaults] ccache = KCM:%u... is set in /etc/krb5.conf (it always uses the default value in our setup). Thus, tl-kinit.sh generates a ticket cache in the wrong place. We suggest setting the path explicitly using kinit -c "${KRB5CCNAME}", see attachment. This fixes the problem in our setup. As far as I know, this option should be the same for heimdal and MIT and I don't see anything that should be broken using -c option.