On Mon, 2013-07-15 at 16:15 +0000, Ondrej Valousek wrote:
> Ok. I agree that the problem needs to be fixed in kernel - lets hope
> the patches will find their way into RHEL 7 ;-).
I am not aware of any kernel issue.
> Does it mean that since Fedora 19 the default location of krb5.keytab
> is /var/lib/gssproxy?
no the default keytab is always /etc/krb5.keytab
> Odesláno ze Samsung Mobile
> -------- Původní zpráva --------
> Od: Simo Sorce <s...@redhat.com>
> Komu: "Adamson, Andy" <william.adam...@netapp.com>
> Kopie: and...@wasielewski.co.uk,firstname.lastname@example.org
> Předmět: Re: [Freeipa-users] Problem with Kerberised NFS mount
> On Fri, 2013-07-12 at 19:16 +0000, Adamson, Andy wrote:
> > On Jul 12, 2013, at 3:02 PM, Rob Crittenden <rcrit...@redhat.com>
> > wrote:
> > > Chuck Lever wrote:
> > >>
> > >> On Jul 12, 2013, at 2:43 PM, Ondrej Valousek
> > >> <mailto:ovalou...@vendavo.com>> wrote:
> > >>
> > >>> Just back to the Kerberized NFS. Any solution to RH bugzilla
> > >>> on the horizon yet?
> > >>> Expiring tickets will render the whole concept unusable
> > >>>
> > >>> Anyone?
> > >>
> > >> Ask on linux-...@vger.kernel.org
> <mailto:linux-...@vger.kernel.org>. I
> > >> know upstream is working on this problem.
> > >
> > > https://fedorahosted.org/gss-proxy/ will solve the problem.
> > Only for renewable tickets that gss-proxy renews. If a use has a
> non-renewable ticket, then the problem still exists. I'm working on a
> set of GSS expiry patches and I'll make sure this problem is solved in
> the kernel.
> Just to avoid confusion.
> GSS-Proxy doesn't really handle renews at this stage (except as a a
> possible side effect of GSSAPI doing it under the hood on its own), it
> only handles acquiring new credentials using keytabs or using existing
> valid credentials from a standard ccache pre-populated by the user.
> Simo Sorce * Red Hat, Inc * New York
> Freeipa-users mailing list
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list