On Mon, 2013-07-15 at 16:15 +0000, Ondrej Valousek wrote: > Ok. I agree that the problem needs to be fixed in kernel - lets hope > the patches will find their way into RHEL 7 ;-).
I am not aware of any kernel issue. > Does it mean that since Fedora 19 the default location of krb5.keytab > is /var/lib/gssproxy? no the default keytab is always /etc/krb5.keytab > Simo. > > > Odesláno ze Samsung Mobile > > > > -------- Původní zpráva -------- > Od: Simo Sorce <s...@redhat.com> > Datum: > Komu: "Adamson, Andy" <william.adam...@netapp.com> > Kopie: and...@wasielewski.co.uk,email@example.com > Předmět: Re: [Freeipa-users] Problem with Kerberised NFS mount > > > > On Fri, 2013-07-12 at 19:16 +0000, Adamson, Andy wrote: > > On Jul 12, 2013, at 3:02 PM, Rob Crittenden <rcrit...@redhat.com> > > wrote: > > > > > Chuck Lever wrote: > > >> > > >> On Jul 12, 2013, at 2:43 PM, Ondrej Valousek > <ovalou...@vendavo.com > > >> <mailto:ovalou...@vendavo.com>> wrote: > > >> > > >>> Just back to the Kerberized NFS. Any solution to RH bugzilla > #786463 > > >>> on the horizon yet? > > >>> Expiring tickets will render the whole concept unusable > otherwise. > > >>> > > >>> Anyone? > > >> > > >> Ask on linux-...@vger.kernel.org > <mailto:linux-...@vger.kernel.org>. I > > >> know upstream is working on this problem. > > > > > > https://fedorahosted.org/gss-proxy/ will solve the problem. > > > > Only for renewable tickets that gss-proxy renews. If a use has a > non-renewable ticket, then the problem still exists. I'm working on a > set of GSS expiry patches and I'll make sure this problem is solved in > the kernel. > > Just to avoid confusion. > > GSS-Proxy doesn't really handle renews at this stage (except as a a > possible side effect of GSSAPI doing it under the hood on its own), it > only handles acquiring new credentials using keytabs or using existing > valid credentials from a standard ccache pre-populated by the user. > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York > > _______________________________________________ > Freeipa-users mailing list > Freeipafirstname.lastname@example.org > https://www.redhat.com/mailman/listinfo/freeipa-users > -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users