RFC rpc.gssd enhancement

Hello,

would it be acceptable to add an option for rpc.gssd to use the host keytab if
the user's Kerberos ticket is not available?

Consider the following scenario:
1) machine has NFS mounted /home using kerberos authentication
2) user logs in, sshd creates krb ticket ($HOME/.k5login needs to be world
readable to allow kerberized access, e.g., using kerberos ticket)
3) user stays logged in and krb ticket expires
4) kinit to renew ticket produces strange error because $HOME is not
accessible and a new ticket is not created.

So, I think in this case, I would like to see rpc.gssd use the host keytab while
the user's ticket is not available, which maps to nobody/nogroup, but kinit should
succeed.

Or are there any other options if one is using kerberized homes only?

-- 
Lukáš Hejtmánek
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


