[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] Kerberos support for screen

From: inode0
Subject: Re: [PATCH] Kerberos support for screen
Date: Sat, 26 Feb 2005 11:16:56 -0600

On Sat, 26 Feb 2005 17:30:26 +0100, Fredrik Tolf <address@hidden> wrote:
> Hi all!
> I was having some trouble with Kerberos and screen, so I wrote this
> patch. Not sure if I should send patches to "screen-users", but I
> couldn't find any other mailing list. =)

I've been dealing with these issues for a long time too but I didn't
perceive it to be a problem with screen.

> Anyway, my basic problems were two:
> 1. If one logs in with Kerberos support and thereby gets tickets and
> then starts a screen, that screen session will use the same credential
> cache. If one then detaches the screen and logs out, the login program
> will remove the credential cache, and the processes running in the
> detached screen will be ticket-less. Therefore, this patch makes a copy
> of the credential cache and ensures that all processes in the screen
> session will use it.

I put my credential cache in a location where it won't be deleted
either by configuring kerberos to do that by default or by setting the
appropriate environment variables. That seems to solve this problem
for me.

> 2.  If I start a screen, detach it and let it lie for some time, the
> tickets will expire if I don't manually log in once in a while and renew
> them manually. Therefore, this patch renews the tickets when necessary
> (it registers an event that runs once per minute and examines if it's
> time to renew the tickets, and does so if it deems it good).

This one is more philosophical to me. The situations where I'm using
screen/kerberos together tend to be on fairly secure machines where
I'm comfortable leaving long tickets sitting on the machine. Renewing
them is a bit annoying, but doing that once a month hasn't been that
annoying to me. Maybe I just haven't quite made the mental adjustment
going from krb4 philosophy to krb5 yet?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]