Orion Poplawski wrote: Is there any way to allow setuid daemon to access krb5 automounted nfs directories? Specifically I'm looking to run spamassassin's spamd on a remote server and access user's home directories via krb5 nfs4. spamd changes user to the user receiving the email being processes and needs to modify files in the user's home directory. Is there any reasonably secure way to give this daemon the ability to do this? Any way to tell rpc.gssd to use a specific credential cache for this type of access rather than the default for that effective uid? You don't want to give spamd the user's credentials. You want to acl the user's files so that spamd can do what it wants. Spamd will need its own krb5 principal. But I hope you're not planning to deliver mail over nfs. I think that would be a mistake. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
