Ok. I agree that the problem needs to be fixed in kernel - lets hope the patches will find their way into RHEL 7 ;-). Does it mean that since Fedora 19 the default location of krb5.keytab is /var/lib/gssproxy? O.
Odesláno ze Samsung Mobile -------- Původní zpráva -------- Od: Simo Sorce <s...@redhat.com> Datum: Komu: "Adamson, Andy" <william.adam...@netapp.com> Kopie: and...@wasielewski.co.uk,freeipa-users@redhat.com Předmět: Re: [Freeipa-users] Problem with Kerberised NFS mount On Fri, 2013-07-12 at 19:16 +0000, Adamson, Andy wrote: > On Jul 12, 2013, at 3:02 PM, Rob Crittenden <rcrit...@redhat.com> > wrote: > > > Chuck Lever wrote: > >> > >> On Jul 12, 2013, at 2:43 PM, Ondrej Valousek <ovalou...@vendavo.com > >> <mailto:ovalou...@vendavo.com>> wrote: > >> > >>> Just back to the Kerberized NFS. Any solution to RH bugzilla #786463 > >>> on the horizon yet? > >>> Expiring tickets will render the whole concept unusable otherwise. > >>> > >>> Anyone? > >> > >> Ask on linux-...@vger.kernel.org <mailto:linux-...@vger.kernel.org>. I > >> know upstream is working on this problem. > > > > https://fedorahosted.org/gss-proxy/ will solve the problem. > > Only for renewable tickets that gss-proxy renews. If a use has a > non-renewable ticket, then the problem still exists. I'm working on a set of > GSS expiry patches and I'll make sure this problem is solved in the kernel. Just to avoid confusion. GSS-Proxy doesn't really handle renews at this stage (except as a a possible side effect of GSSAPI doing it under the hood on its own), it only handles acquiring new credentials using keytabs or using existing valid credentials from a standard ccache pre-populated by the user. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
_______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users