Re: Switching identity using kinit/kdestroy for NFSv4 mounts doesn't work

2015-03-16 Thread Simo Sorce
On Mon, 2015-03-16 at 10:33 +0100, Robert Wehn wrote: > Hello * > > @Brandon, Ben: > On 13.03.2015, 15:05 Brandon Allbery wrote: > > ... the whole business about snooping ticket caches and caching its > > own private copy is concerning security-wise and seems like it > > would easily become confus

Re: Switching identity using kinit/kdestroy for NFSv4 mounts doesn't work

2015-03-16 Thread Robert Wehn
Hello * @Brandon, Ben: On 13.03.2015, 15:05 Brandon Allbery wrote: > ... the whole business about snooping ticket caches and caching its > own private copy is concerning security-wise and seems like it > would easily become confused. On 13.03.2015, 1

Re: Switching identity using kinit/kdestroy for NFSv4 mounts doesn't work

2015-03-13 Thread Simo Sorce
On Fri, 2015-03-13 at 14:05 +, Brandon Allbery wrote: > On Fri, 2015-03-13 at 14:55 +0100, Robert Wehn wrote: > > There is a bug report/suggested patch which seems to make it possible > > but never seemed to get into the kernel: > > http://www.spinics.net/lists/linux-nfs/msg34236.html > > > >

Re: Switching identity using kinit/kdestroy for NFSv4 mounts doesn't work

2015-03-13 Thread Benjamin Kaduk
On Fri, 13 Mar 2015, Robert Wehn wrote: > - - klist > -> TGT for jane@REALM > BUT! > -> localuser can still access alice's files > -> localuser can never access jane's files > -> no new NFS service ticket fetched or needed till the end > of the ticket lifetime > > What doesn't help: >

Re: Switching identity using kinit/kdestroy for NFSv4 mounts doesn't work

2015-03-13 Thread Brandon Allbery
On Fri, 2015-03-13 at 14:55 +0100, Robert Wehn wrote: > There is a bug report/suggested patch which seems to make it possible > but never seemed to get into the kernel: > http://www.spinics.net/lists/linux-nfs/msg34236.html > > What is your opinion to this behavior? > Do you think this is reasonab