On Mon, 2014-09-15 at 09:44 +0100, [email protected] wrote: > Wendy, > > rpc.gssd on Linux looks in /tmp for files which start with krb5cc. The > location where rpc.gssd is looking can be overridden with the -d option.
Hi On systemd they're not under /tmp but default to /run/user instead. Could that be your issue? > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Wendy Lin > Sent: 15 September 2014 08:44 > To: Frank Cusack > Cc: <[email protected]> > Subject: Re: How does the NFS client find a users tickets in a > filesystem? > > On 14 September 2014 23:46, Frank Cusack <[email protected]> wrote: > > On Fri, Sep 12, 2014 at 8:53 AM, Wendy Lin <[email protected]> > wrote: > >> How does the NFS client (say, Linux and AIX) find a users krb5 > >> tickets in the filesystem? Does /sbin/mount forward the ticket to > rpc.gssd? > >> > > There's a so-called 'upcall' mechanism in the filesystem. rpc.gssd > > gets requests from the nfs client through that and sends the answers > > through the same mechanism. It's very patchwork IMHO. > > > > /sbin/mount and mounts_nfs per se have no knowledge of this > > authentication backdoor. > > How does rpc.gssd find the tickets? They can be anywhere, as defined by > the KRB5CCNAME variable in the user's environment. > > Wendy > > > > >> > >> Wendy > >> ________________________________________________ > >> Kerberos mailing list [email protected] > >> https://mailman.mit.edu/mailman/listinfo/kerberos > > > > > > > > -- > Wendy > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > Visit our website at http://www.ubs.com > > This message contains confidential information and is intended only > for the individual named. If you are not the named addressee you > should not disseminate, distribute or copy this e-mail. Please > notify the sender immediately by e-mail if you have received this > e-mail by mistake and delete this e-mail from your system. > > E-mails are not encrypted and cannot be guaranteed to be secure or > error-free as information could be intercepted, corrupted, lost, > destroyed, arrive late or incomplete, or contain viruses. The sender > therefore does not accept liability for any errors or omissions in the > contents of this message which arise as a result of e-mail transmission. > If verification is required please request a hard-copy version. This > message is provided for informational purposes and should not be > construed as a solicitation or offer to buy or sell any securities > or related financial instruments. > > UBS Limited is authorised by the Prudential Regulation Authority > and regulated by the Financial Conduct Authority and the Prudential > Regulation Authority. > > UBS AG is a public company incorporated with limited liability in > Switzerland domiciled in the Canton of Basel-City and the Canton of > Zurich respectively registered at the Commercial Registry offices in > those Cantons with new Identification No: CHE-101.329.561 as from 18 > December 2013 (and prior to 18 December 2013 with Identification > No: CH-270.3.004.646-4) and having respective head offices at > Aeschenvorstadt 1, 4051 Basel and Bahnhofstrasse 45, 8001 Zurich, > Switzerland and is authorised and regulated by the Financial Market > Supervisory Authority in Switzerland. Registered in the United > Kingdom as a foreign company with No: FC021146 and having a UK > Establishment registered at Companies House, Cardiff, with > No: BR 004507. The principal office of UK Establishment: 1 Finsbury > Avenue, London EC2M 2PP. In the United Kingdom, UBS AG is authorised > by the Prudential Regulation Authority and subject to regulation > by the Financial Conduct Authority and limited regulation by the > Prudential Regulation Authority. Details about the extent of our > regulation by the Prudential Regulation Authority are available > from us on request. > > UBS reserves the right to retain all messages. Messages are protected > and accessed only in legally justified cases. > > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
