Actually disable credential cache for krb5 provisioner (#490)

* Actually disable credential cache for krb5 provisioner

`KRB5CCNAME=MEMORY` will store the cache in a file named `MEMORY`, `KRB5CCNAME=MEMORY:` will store the cache in memory (as intended).

* Changelog

Author: nightkr

CHANGELOG.md

@@ -8,7 +8,12 @@ All notable changes to this project will be documented in this file.
 
 - Active Directory's `samAccountName` generation can now be customized ([#454]).
 
+### Fixed
+
+- Fixed Kerberos keytab provisioning reusing its credential cache ([#490]).
+
 [#454]: https://github.com/stackabletech/secret-operator/pull/454
+[#490]: https://github.com/stackabletech/secret-operator/pull/490
 
 ## [24.7.0] - 2024-07-24
 

rust/krb5-provision-keytab/src/lib.rs

@@ -75,7 +75,7 @@ pub async fn provision_keytab(krb5_config_path: &Path, req: &Request) -> Result<
         // ldap3 uses the default client keytab to authenticate to the LDAP server
         .env("KRB5_CLIENT_KTNAME", &req.admin_keytab_path)
         // avoid leaking credentials between secret volumes/secretclasses
-        .env("KRB5CCNAME", "MEMORY")
+        .env("KRB5CCNAME", "MEMORY:")
         .stdin(Stdio::piped())
         .stdout(Stdio::piped())
         .spawn()