On Tue, 2008-03-25 at 12:51 -0800, Paul B. Henson wrote:
> On Mon, 24 Mar 2008, Jim Carter wrote:
>
> > There are complaints that rpc.gssd only looks for /tmp/krb5cc_${UID}
> > whereas pam_krb5 uses /tmp/krb5cc__{UID}_XXXXXX (randomized by mktemp).
> > There is supposed to be a patch for this but I haven't discovered yet
> > whether I have it.
>
> Even Red Hat 4 appears to have an rpc.gssd that does a more extensive
> search for credentials, presumably any reasonably modern distribution will
> as well.
>
> > Access will not happen unless the KDC has nfs/[EMAIL PROTECTED] for both
> > hosts
> > (can't mount) and for the user (can't create security context for
> > read/write).
>
> With newer versions of rpc.gssd you can tell it to use supplied credentials
> rather than machine credentials for the mount and for root access. This
> allows you to use secure NFS from a client on which you cannot obtain a
> host principal. It's not particularly convenient though...
Are both of you implying that with kerberized nfs, the local root user
can access a regular users nfs automounted home mounted with
-oroot_squash? Eg. Is this the answer I was looking for at the top of
this thread?
Regards,
-C
_______________________________________________
autofs mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/autofs
