Re: F27 System Wide Change: Kerberos KCM credential cache by default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Jun 21, 2017 at 09:01:04AM +0200, Pavel Cahyna wrote:
> On Tue, Jun 20, 2017 at 08:45:48PM +0200, Jakub Hrozek wrote:
> > Well, UID of the peer accessing the socket is the access control key right
> > now. Unlike Heimdal's KCM, root doesn't have any special powers (with
> > Heimdal's KCM, root can list any ccache, with our implementation, only
> > that of UID 0).
> 
> How will rpc.gssd retrieve users' tickets then?

Maybe I misspoke -- root can be configured to list any user's ccache,
e.g:
    KRB5CCNAME=KCM:123 klist
although I wanted to disable this by default. I admit I didn't think
about NFS. Does rpc.gssd still need to access any user's ccache even in
the age of gssproxy?
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux