On 14 September 2014 23:46, Frank Cusack wrote:
> On Fri, Sep 12, 2014 at 8:53 AM, Wendy Lin wrote:
>> How does the NFS client (say, Linux and AIX) find a user's krb5 tickets
>> in the filesystem? Does /sbin/mount forward the ticket to rpc.gssd?
>>
> There's a so-called 'upcall' mechanism in the f
Wendy,
rpc.gssd on Linux looks in /tmp for files which start with krb5cc. The
location where rpc.gssd is looking can be overridden with the -d option.
- mo
-Original Message-
From: kerberos-boun...@mit.edu [mailto:kerberos-boun...@mit.edu] On
Behalf Of Wendy Lin
Sent: 15 September 2014 0
On Sun, 14 Sep 2014, Rick van Rein wrote:
> Hello Benjamin,
>
> >> Am I correct that the kfw-4.0 GUI does not support a Canonicalisation
> >> option for the principal name?
> >
> > I'm not sure I understand the question correctly. Are you asking about
> > RFC 6806 name canonicalization, as used f
On 09/13/2014 12:52 PM, Rick van Rein wrote:
> But this leaves me a bit worried about the KRB5-NT-ENTERPRISE nametype — does
> it apply to what I am doing? Does my approach create a correct enterprise
> principal name, or am I so lucky to run into leniency by Kerberos?
As I understand the enter
On Mon, 2014-09-15 at 09:44 +0100, moritz.will...@ubs.com wrote:
> Wendy,
>
> rpc.gssd on Linux looks in /tmp for files which start with krb5cc. The
> location where rpc.gssd is looking can be overridden with the -d option.
Hi
On systemd they're not under /tmp but default to /run/user instead.
Co
There's a so-called 'upcall' mechanism in the filesystem. rpc.gssd gets
requests from the nfs client through that and sends the answers through the
same mechanism. It's very patchwork IMHO.
/sbin/mount and mounts_nfs per se have no knowledge of this authentication
backdoor.
On Fri, Sep 12, 2014