Making the CCacheServer Kerberos Ticket server actually Work(tm) on OSX
If you’re wondering why the CCacheServer
daemon, that caches in memory Kerberos tickets obtained via kinit
(1) is NOT starting .. that’s because of a strange bug regarding the LimitLoadToSessionType
specified into the agent .plist, located into
/System/Library/LaunchAgents/edu.mit.kerberos.CCacheServer.plist
on OSX 10.5 systems.
You simply have to comment out these two lines:
<key>LimitLoadToSessionType</key>
<string>Background</string>
And either
launchctl load \
/System/Library/LaunchAgents/edu.mit.kerberos.CCacheServer.plist
or reboot your system ;).
CCacheServer will then be instantiated when you do a kinit
:
$ <b>kinit</b>
Please enter the password for vjt@DOMAIN.LOCAL:
$ <b>klist</b>
Kerberos 5 ticket cache: 'API:Initial default ccache'
Default principal: vjt@DOMAIN.LOCAL
Valid Starting Expires Service Principal
11/12/08 20:59:35 11/13/08 06:59:14 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
renew until 11/19/08 20:59:35
The bug is strange because the LimitLoadToSessionType
key actually should instruct launchd to automatically start up the daemon and run it once for every logged in user, when kinit
asks its services. But, if the key is set in the .plist, a launchctl load
on it fails with “nothing found to load
”. Weird!
About this entry
You’re currently reading “Making the CCacheServer Kerberos Ticket server actually Work(tm) on OSX”, an entry on sindro.me
- Published:
- 11.12.08 / 21PM
- Updated:
- 05.31.09 / 18PM
- Sections:
- number 42
- Tags: