On 14 September 2014 23:46, Frank Cusack <[email protected]> wrote: > On Fri, Sep 12, 2014 at 8:53 AM, Wendy Lin <[email protected]> wrote: >> How does the NFS client (say, Linux and AIX) find a users krb5 tickets >> in the filesystem? Does /sbin/mount forward the ticket to rpc.gssd? >> > There's a so-called 'upcall' mechanism in the filesystem. rpc.gssd gets > requests from the nfs client through that and sends the answers through the > same mechanism. It's very patchwork IMHO. > > /sbin/mount and mounts_nfs per se have no knowledge of this authentication > backdoor.
How does rpc.gssd find the tickets? They can be anywhere, as defined by the KRB5CCNAME variable in the user's environment. Wendy > >> >> Wendy >> ________________________________________________ >> Kerberos mailing list [email protected] >> https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Wendy ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
