Wendy, rpc.gssd on Linux looks in /tmp for files which start with krb5cc. The location where rpc.gssd is looking can be overridden with the -d option.
- mo -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Wendy Lin Sent: 15 September 2014 08:44 To: Frank Cusack Cc: <[email protected]> Subject: Re: How does the NFS client find a users tickets in a filesystem? On 14 September 2014 23:46, Frank Cusack <[email protected]> wrote: > On Fri, Sep 12, 2014 at 8:53 AM, Wendy Lin <[email protected]> wrote: >> How does the NFS client (say, Linux and AIX) find a users krb5 >> tickets in the filesystem? Does /sbin/mount forward the ticket to rpc.gssd? >> > There's a so-called 'upcall' mechanism in the filesystem. rpc.gssd > gets requests from the nfs client through that and sends the answers > through the same mechanism. It's very patchwork IMHO. > > /sbin/mount and mounts_nfs per se have no knowledge of this > authentication backdoor. How does rpc.gssd find the tickets? They can be anywhere, as defined by the KRB5CCNAME variable in the user's environment. Wendy > >> >> Wendy >> ________________________________________________ >> Kerberos mailing list [email protected] >> https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Wendy ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos Visit our website at http://www.ubs.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mails are not encrypted and cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. UBS Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. UBS AG is a public company incorporated with limited liability in Switzerland domiciled in the Canton of Basel-City and the Canton of Zurich respectively registered at the Commercial Registry offices in those Cantons with new Identification No: CHE-101.329.561 as from 18 December 2013 (and prior to 18 December 2013 with Identification No: CH-270.3.004.646-4) and having respective head offices at Aeschenvorstadt 1, 4051 Basel and Bahnhofstrasse 45, 8001 Zurich, Switzerland and is authorised and regulated by the Financial Market Supervisory Authority in Switzerland. Registered in the United Kingdom as a foreign company with No: FC021146 and having a UK Establishment registered at Companies House, Cardiff, with No: BR 004507. The principal office of UK Establishment: 1 Finsbury Avenue, London EC2M 2PP. In the United Kingdom, UBS AG is authorised by the Prudential Regulation Authority and subject to regulation by the Financial Conduct Authority and limited regulation by the Prudential Regulation Authority. Details about the extent of our regulation by the Prudential Regulation Authority are available from us on request. UBS reserves the right to retain all messages. Messages are protected and accessed only in legally justified cases. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
