Re: Multiple principals from different realms via kinit?

2014-08-28 Thread Cedric Blancher
hen using multiple client principals. > > As mentioned already, kswitch is also useful in these situations. How do services like NFSv4, HTTP/spnego or GSSAPI know which of the entries is the one they want? Ced -- Cedric Blancher Institute Pasteur

Re: Multiple principals from different realms via kinit?

2014-08-28 Thread Cedric Blancher
On 28 August 2014 15:31, Simo Sorce wrote: > On Thu, 2014-08-28 at 14:36 +0200, Cedric Blancher wrote: >> On 27 August 2014 18:16, Benjamin Kaduk wrote: >> > On Wed, 27 Aug 2014, ольга крыжановская wrote: >> > >> >> How can I use multiple principals from di

How to use NFS with multiple principals in different realms?

2014-09-04 Thread Cedric Blancher
How can I use NFS with Kerberos krb5p auth when I want to use NFS filesystems which come from different realms? I know klist -A can show all tickets I got from all realms I kinit to - but how can NFS use them? OS is RHEL7 Ced -- Cedric Blancher Institute Pasteur

Re: How to use NFS with multiple principals in different realms?

2014-09-04 Thread Cedric Blancher
y have to kinit into multiple realms? Kerberos since 1.10 can do that and klist now has a new flag -A to list all entries if KRB5CCNAME points to a directory, e.g. KRB5CCNAME=DIR:/tmp/krbcc$UID/ Ced -- Cedric Blancher Institute Pasteur Kerberos m

Re: nfsv4 sec=krb5p and user impersonation

2014-09-09 Thread Cedric Blancher
must have proper tickets in your cache and use kswitch before calling mount and b) you must always specify auth=krb5p or krb5i if you want Kerberos authentication. Other NFS implementations just negotiate the authentication required and try from strongest to weakest authentication method as provided by t

Re: How to use NFS with multiple principals in different realms?

2014-09-09 Thread Cedric Blancher
On 4 September 2014 20:35, Simo Sorce wrote: > On Thu, 2014-09-04 at 14:32 +0200, Jurjen Bokma wrote: >> On 09/04/2014 01:25 PM, Cedric Blancher wrote: >> > On 4 September 2014 11:33, Jurjen Bokma wrote: >> >> You use cross realm authentication, so that your NFS c

Re: How to use NFS with multiple principals in different realms?

2014-09-17 Thread Cedric Blancher
On 10 September 2014 15:06, Simo Sorce wrote: > > > - Original Message - >> From: "Cedric Blancher" >> To: "Simo Sorce" >> Cc: "Jurjen Bokma" , "" >> , "Linux NFS Mailing List" >> , "Stev

Re: How to use NFS with multiple principals in different realms?

2014-09-17 Thread Cedric Blancher
On 17 September 2014 17:05, Simo Sorce wrote: > On Wed, 17 Sep 2014 13:20:19 +0200 > Cedric Blancher wrote: > >> What happens if there is no relation between KRB Realm names and >> FQDN/DNS? Can the NFS client find out which KRB Realm is used by the >> server? >

DEBUG: Context data in KDC to peek which principal/realm is currently being processed?

2015-01-22 Thread Cedric Blancher
We're debugging a KDC problem and ran into a wall. Is there any context data in KDC to peek which principal and realm is currently being processed in the KDC? Ced -- Cedric Blancher Institute Pasteur Kerberos mailing list Ker

Remove KEYRING from kernel! Re: KEYRING:persistent and ssh

2016-09-21 Thread Cedric Blancher
-- > Russ Allbery (ea...@eyrie.org) <http://www.eyrie.org/~eagle/> > > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos -- Cedric Blancher [https://plus.google.com/u/0/+CedricBlancher/] Institute Pasteur

Re: KEYRING:persistent and ssh

2016-09-28 Thread Cedric Blancher
; now, disabling it is going to cause hard to diagnose issues or limit the > features you can use. That's hard to believe now that AWS and Google clouds have keyring support patched out of their kernels (SEL at least), too. Syscalls are still there but