On Jul 31, 2013, at 5:05 AM, Andreas Hauffe <[email protected]>
wrote:
> Yes, it is an OpenSuSE 12.3 client. So this means, this is a completely normal
> behaviour?
>
> Andreas
>
> On Wednesday, 31 July 2013, 10:01:20, [email protected] wrote:
>> I assume this is a Linux client? Yes, the security context established by
>> rpc.gssd is cached. - mo
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf Of Andreas Hauffe
>> Sent: 31 July 2013 10:47
>> To: [email protected]
>> Subject: Re: Kerberos+NFS4
>>
>> Ok, this is a behaviour I can understand. If the user was logged in and is
>> now completely logged out (even with kdestroy) there is no
>> /tmp/krb5cc_<uid>*. But the local root can still access the data with a 'su
>> $USERNAME'. Is there some kind of cache?
>>
>> Andreas
>>
According to the man page, the security context will last for the lifetime of
the Kerberos ticket used to establish it.
It seems that kdestroy does not invalidate the context and it lives on.
This should be easy to test: just establish a ccache that expires after a few
minutes, kdestroy the ccache and observe the behaviour you've described
previously. Then wait for the natural ticket expiration period that you set and
check again.
jd
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
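
The test described in the last message above, written out as a script. This is an added example, not part of the original thread. It assumes MIT Kerberos client tools, that it is run as the unprivileged user on the NFS client, and that the first argument is a directory on the sec=krb5 NFSv4 mount; the 5-minute lifetime and 30-second probe interval are arbitrary choices.

```shell
#!/bin/sh
# Added example: measure how long an NFSv4 GSS context outlives kdestroy.
# Assumptions (not from the thread): MIT kinit/klist/kdestroy, run as the
# user, $1 is a directory on the Kerberized NFSv4 mount.

# poll_until_denied PROBE_CMD INTERVAL MAX_TRIES
# Runs PROBE_CMD every INTERVAL seconds. Prints the number of successful
# probes seen before the first failure. Returns 0 if access was denied
# within MAX_TRIES probes, 1 if it was still allowed when polling stopped.
poll_until_denied() {
    probe=$1 interval=$2 max=$3 ok=0
    while [ "$ok" -lt "$max" ]; do
        if ! sh -c "$probe" >/dev/null 2>&1; then
            echo "$ok"
            return 0
        fi
        ok=$((ok + 1))
        sleep "$interval"
    done
    echo "$ok"
    return 1
}

main() {
    dir=$1
    kinit -l 5m || exit 1            # short-lived TGT (prompts for password)
    ls "$dir" >/dev/null || exit 1   # first access makes rpc.gssd set up the context
    kdestroy                         # removes the ccache only
    if klist -s; then echo "ccache still valid, aborting" >&2; exit 1; fi
    echo "ccache destroyed at $(date); probing every 30s"
    # 20 probes x 30 s = 10 minutes, twice the ticket lifetime.
    # Client attribute caching can delay the first denial slightly.
    if n=$(poll_until_denied "ls '$dir'" 30 20); then
        echo "denied after ~$((n * 30))s: context ended with the ticket lifetime"
    else
        echo "still allowed after $((n * 30))s: context outlived the ticket"
    fi
}

# Only touch Kerberos state when a mount directory is given.
if [ "$#" -ge 1 ]; then main "$@"; fi
```

Running the same probe from a root shell via su during the polling window shows whether the cached context is also usable from there, which is the behaviour reported earlier in the thread.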