On Nov 22, 2013, at 14:11, Simo Sorce <simo@xxxxxxxxxx> wrote:

> On Thu, 2013-11-21 at 08:37 -0500, Steve Dickson wrote:
>>
>> On 20/11/13 15:49, Simo Sorce wrote:
>>>> I think Solution 3: [nfslog/nfslogout interfaces invoked from PAM or
>>>>> other login system facility] is a good way to go. Note that a PAM
>>>>> based solution where in the PAM would get us most of the way towards
>>>>> providing users with a way to login and logout of NFS kerberized
>>>>> shares.
>>>>>
>>>>> Comments on an NFS PAM that will destroy GSS context for a UID upon
>>>>> logout?
>>> I prefer 3 too, leave it to the login system (whether PAM based or other)
>>> to determine when it is time to destroy credentials, that's the only
>>> component that has a chance of guessing right.

Really? How do you deal with backgrounded tasks?

>>> Of course you could also provide a user utility to force a purge.
>>>
>> +1 for me on this option as well...
>>
>> But how is it known when somebody logs out? Is that PAM-able as well?
>
> I would say "login process" more than pam, but the basic idea is the
> same, a user space program that knows when the user is logging out for
> good and is privileged enough to go and tell the kernel to nuke creds.

What’s such a process going to use as an indicator that the user is “logging out for good”?

Trond