On Fri, 5 Feb 2010, George Mamalakis wrote:
I assume that this must have to do with kernel's KGSSAPI support, which
"forgets" to delete or renew its kerberos' cache.
Oops, missed this on the last reply. It is actually a cache of "handles"
for RPCSEC_GSS credentials allocated by the server
On Fri, 5 Feb 2010, George Mamalakis wrote:
shows no tickets. This could be also a security threat, in case different
kerberos principals (users in this setup) use a shared machine account to
logon, and then access their resources by kiniting to their respective
principals.
The kernel onl
What's more,
if I obtain (as root for example) a ticket for user mamalos and kdestroy
it, and then login as user root in a new terminal, the root user in the
new terminal has still all privileges of mamalos in the share. Klist, of
course, shows no tickets. This could be also a security threat,
