On Mon, 24 Mar 2008, Jim Carter wrote:
> There are complaints that rpc.gssd only looks for /tmp/krb5cc_${UID}
> whereas pam_krb5 uses /tmp/krb5cc__{UID}_XXXXXX (randomized by mktemp).
> There is supposed to be a patch for this but I haven't discovered yet
> whether I have it.

Even Red Hat 4 appears to have an rpc.gssd that does a more extensive
search for credentials; presumably any reasonably modern distribution will
as well.

> Access will not happen unless the KDC has nfs/[EMAIL PROTECTED] for both hosts
> (can't mount) and for the user (can't create security context for
> read/write).

With newer versions of rpc.gssd you can tell it to use supplied credentials
rather than machine credentials for the mount and for root access. This
allows you to use secure NFS from a client on which you cannot obtain a
host principal. It's not particularly convenient though...
--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | [EMAIL PROTECTED]
California State Polytechnic University | Pomona CA 91768
_______________________________________________
autofs mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/autofs
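
The cache-name mismatch in the quoted complaint, as an added example that is not part of the original thread and does not reproduce rpc.gssd's own search: it lists a user's credential caches and reports whether a lookup limited to the fixed name would miss them. The function names are hypothetical, and the randomized name is assumed to follow the pattern krb5cc_<uid>_<suffix>.

```shell
#!/bin/sh
# Added example: which Kerberos credential cache names exist for a user, and
# would a lookup limited to the fixed name krb5cc_<uid> miss them?
# Assumption: randomized caches are named krb5cc_<uid>_<suffix>.

# list_ccaches DIR UID -> one line per cache: "fixed <path>" or "random <path>"
list_ccaches() {
    dir=$1
    uid=$2
    # Only regular files owned by the user count. In a world-writable /tmp a
    # symlink or another user's file with a matching name is not a cache.
    find "$dir" -maxdepth 1 -type f -user "$uid" \
        \( -name "krb5cc_${uid}" -o -name "krb5cc_${uid}_*" \) | sort |
    while IFS= read -r path; do
        case ${path##*/} in
            "krb5cc_${uid}") echo "fixed $path" ;;
            *)               echo "random $path" ;;
        esac
    done
}

# fixed_lookup_misses DIR UID -> exit status 0 when the user has at least one
# randomized cache but no fixed-name cache (the situation in the complaint).
fixed_lookup_misses() {
    out=$(list_ccaches "$1" "$2")
    printf '%s\n' "$out" | grep -q '^random ' || return 1
    ! printf '%s\n' "$out" | grep -q '^fixed '
}

# Stand-alone use: directory and uid default to /tmp and the calling user.
list_ccaches "${1:-/tmp}" "${2:-$(id -u)}"
```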