On 24 May 2021, at 10:44, Jason Keltz wrote:
Hi Benjamin,
That's exactly it - I definately want ksu to be writing that exact
file. Any idea why it isn't, and why it matters if the home
directory is using sec=krb5 or not?
Because if you're mounting with sec=krb5, then the kernel's going to
upcall to rpc.gssd, which is going to try to find the credential cache
to establish a context with the NFS server. None of that has to happen
with sec=sys.
As far as where ksu puts the target cred cache - I don't know the
details there. Dig into the ksu source, or docs.. maybe you need to set
the krb5cc default cred cache.
Ben
