Thank you for the information and the patch. I will try to do some more
testing then.
Kind Regards
Markus
"Ken Hornstein" wrote in message news:mailman.0.1633957533.27705.kerberos@mit.edu...
It is
#sw_vers
ProductName: macOS
ProductVersion: 11.6
BuildVersion: 20G165
Alright, so, Big Sur.
There were significant changes in the credential cache support on Big Sur.
I didn't check for file cache support, but .... it looks like to me that
in fact Kerberos on Big Sur _does_ respect the KRB5CCNAME environment
variable:
% env KRB5CCNAME=FILE:/tmp/foo klist
Credentials cache: FILE:/tmp/foo
Principal: kenh@CMF.NRL.NAVY.MIL
[...]
Now it may be that gss_init_sec_context() may be doing something slightly
more magical. If that is the case ... well, I'm not sure there is an
easy fix for that.
You can share API credential caches; previous to Big Sur it used Mach Ports
for the IPC mechanism, and that was based on the Unix userid for access.
With the new mechanism, I am not sure how that works, exactly. Specifically
I do not know whether or not you can access one set of credentials from
another login session.
Regarding your problem with MIT Kerberos, I think your problem THERE is
that MIT Kerberos does not support the new credential cache mechanism on
Big Sur, and basically that error you are getting means "No credentials
found". I submitted a pullup request to add support for that, and it
is here:
https://github.com/krb5/krb5/pull/1221
If you apply that patch to MIT Kerberos, it might work better for you.
--Ken