... using ksu will result in KRB5CCNAME being set to MEMORY:_ksu and
having no credentials:
[bolt]toby: ksu . -n toby/root
WARNING: Your password may be exposed if you enter it here and are logged
in remotely using an unsecure (non-encrypted) channel.
Kerberos password for toby/[hidden email]: :
Leaving uid as toby (xxxxx)
klist: No credentials cache found
[bolt]toby: echo $KRB5CCNAME
This seems to happen in src/clients/ksu/main.c:resolve_target_cache...
The check to determine if the cache type is switchable resolves to true
and the subsequent call to krb5_cc_resolve_cache_match seems to match
on the 'MEMORY:_ksu' cache as used internally by ksu, hence this cache is
Note this is running the os-shipped 1.15.1 on Scientific Linux 7.5. It
doesn't appear that the relevant code has subsequently changed (in 1.16.2)
but I can't easily test the behaviour.
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.