Making the CCacheServer Kerberos Ticket server actually Work(tm) on OSX
If you’re wondering why the CCacheServer daemon, that caches in memory Kerberos tickets obtained via kinit(1) is NOT starting .. that’s because of a strange bug regarding the LimitLoadToSessionType specified into the agent .plist, located into
/System/Library/LaunchAgents/edu.mit.kerberos.CCacheServer.plist
on OSX 10.5 systems.
You simply have to comment out these two lines:
<key>LimitLoadToSessionType</key>
<string>Background</string>
launchctl load \
/System/Library/LaunchAgents/edu.mit.kerberos.CCacheServer.plist
or reboot your system ;).
CCacheServer will then be instantiated when you do a kinit:
$ <b>kinit</b>
Please enter the password for vjt@DOMAIN.LOCAL:
$ <b>klist</b>
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: vjt@DOMAIN.LOCAL
Valid Starting Expires Service Principal
11/12/08 20:59:35 11/13/08 06:59:14 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
renew until 11/19/08 20:59:35
The bug is strange because the LimitLoadToSessionType key actually should instruct launchd to automatically start up the daemon and run it once for every logged in user, when kinit asks its services. But, if the key is set in the .plist, a launchctl load on it fails with “nothing found to load”. Weird!
About this entry
You’re currently reading “Making the CCacheServer Kerberos Ticket server actually Work(tm) on OSX”, an entry on sindro.me
- Published:
- 11.12.08 / 21PM
- Updated:
- 05.31.09 / 18PM
- Sections:
- number 42
- Tags:
