>> No, gssd (the client side daemon) will search /tmp for anything that >> looks like a credcache for the right user, verify that it is a >> credcache and then pick the one with the latest TGT expiration. > >> You're correct that NFS ignores $KRB5CCNAME. It uses the above (less >> than optimal) heuristic instead. > > Thanks for explaining this Jeff - this does accord with what I see - which > of course leaves my batch job system unpredictable. > >> Probably doable, but not trivial. IIRC, the kernel tracks credentials >> by uid. You'd need to determine some way to split that up so that each >> "session" has separate credentials. Once you do that, you'll have to >> have the kernel pass enough info to the upcall for it to determine what >> credcache it should use and modify gssd to use the new info accordingly. > > Just to be clear - you mean doable to a coder who might like to improve on > gssd/kernel credential separation, rather than a non-coding sysadmin who > needs with work within the current NFS/gssd framework? > ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ NFS maillist - NFS@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/nfs _______________________________________________ Please note that nfs@xxxxxxxxxxxxxxxxxxxxx is being discontinued. Please subscribe to linux-nfs@xxxxxxxxxxxxxxx instead. http://vger.kernel.org/vger-lists.html#linux-nfs -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
