HomeBlogsvjt's blog

Making the CCacheServer Kerberos Ticket server actually Work(tm) on OSX

Wed, 2008-11-12 21:21 — vjt

If you're wondering *why* the CCacheServer daemon, that caches in memory Kerberos tickets obtained via kinit(1) is NOT starting .. that's because of a *strange* bug regarding the LimitLoadToSessionType specified into the agent .plist, located into

/System/Library/LaunchAgents/edu.mit.kerberos.CCacheServer.plist

on OSX 10.5 systems.

You simply have to comment out these two lines:

<key>LimitLoadToSessionType</key>
<string>Background</string>

And either

launchctl load \
  /System/Library/LaunchAgents/edu.mit.kerberos.CCacheServer.plist

or reboot your system Eye-wink.

CCacheServer will then be instantiated when you do a kinit:

$ kinit
Please enter the password for : 

$ klist
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: 

Valid Starting     Expires            Service Principal
11/12/08 20:59:35  11/13/08 06:59:14  krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
	renew until 11/19/08 20:59:35

The bug is *strange* because the LimitLoadToSessionType key actually *should* instruct launchd to automatically start up the daemon and run it once for every logged in user, when kinit asks its services. But, if the key is set in the .plist, a launchctl load on it fails with "nothing found to load". Weird!

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <pre> <span>
  • Textual smileys will be replaced with graphical ones.
  • Inline assets are allowed.
  • You can use BBCode tags in the text, URLs will automatically be converted to links.

More information about formatting options

============================================================================================================================================