From e77e0b508d2fbdfe55145842a6079f17a2625a6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Tue, 24 May 2005 11:58:27 +0000 Subject: [PATCH] KRB5CCNAME needs an literal uid, not ${uid}, spelling git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15220 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kcm/kcm.8 | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/kcm/kcm.8 b/kcm/kcm.8 index 72ee40819..3af400555 100644 --- a/kcm/kcm.8 +++ b/kcm/kcm.8 @@ -31,7 +31,7 @@ .\" .\" $Id$ .\" -.Dd May 3, 2005 +.Dd May 24, 2005 .Dt KCM 8 .Os Heimdal .Sh NAME @@ -92,27 +92,30 @@ is a process based credential cache. To use it, set the .Ev KRB5CCNAME enviroment variable to -.Q1 KCM:${uid} -or add the configuration file +.Ql KCM: Ns Ar uid +or add the stanza +.br +[libdefaults]default_cc_name KCM:${uid} +.br +to the .Pa /etc/krb5.conf -stanza [libdefaults]default_cc_name to KCM:${uid} and make sure +configuration file and make sure .Nm kcm is started in the system startup files. .Pp The .Nm daemon can hold the credentials for all users in the system. Access -control is done with Unix like permissions. The daemon check the +control is done with Unix-like permissions. The daemon checks the access on all operations based on the uid and gid of the user. The -ticket are are are renewed as long as it permitted by the KDC's -policy. +tickets are renewed as long as is permitted by the KDC's policy. .Pp The .Nm -daemon can also keep an SYSTEM credential that server processes can +daemon can also keep a SYSTEM credential that server processes can use to access services. One example of usage might be an nss_ldap -module that quickly needs to get credential and doesn't want to renew -the ticket themself. +module that quickly needs to get credentials and doesn't want to renew +the ticket itself. .Pp Supported options: .Bl -tag -width Ds