> No, gssd (the client side daemon) will search /tmp for anything that > looks like a credcache for the right user, verify that it is a > credcache and then pick the one with the latest TGT expiration. > You're correct that NFS ignores $KRB5CCNAME. It uses the above (less > than optimal) heuristic instead. Thanks for explaining this Jeff - this does accord with what I see - which of course leaves my batch job system unpredictable. > Probably doable, but not trivial. IIRC, the kernel tracks credentials > by uid. You'd need to determine some way to split that up so that each > "session" has separate credentials. Once you do that, you'll have to > have the kernel pass enough info to the upcall for it to determine what > credcache it should use and modify gssd to use the new info accordingly. Just to be clear - you mean doable to a coder who might like to improve on gssd/kernel credential separation, rather than a non-coding sysadmin who needs with work within the current NFS/gssd framework? -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
