[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)

On Mon, Sep 01, 2008 at 02:50:29PM +0200, Wouter Verhelst wrote:

> By setting the "GSSAPICleanupCredentials" option in sshd_config, the
> credentials cache is destroyed upon logout (this can also be done
> through the session component of libpam_krb5.so).

... but pam_krb5.so shouldn't be used for this, since that involves handing
passwords to the remote server. :)

> I'm not entirely sure whether destroying a credentials cache means the KDC
> is also instructed to revoke the TGT and cannot check currently, but I
> believe this is the case.

It does not; that would be unnecessary communication with the KDC.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to: