Inittab launching K5start too soon

Nico Williams nico at cryptonector.com
Thu May 12 13:58:00 EDT 2011


On Thu, May 12, 2011 at 10:56 AM, Russ Allbery <rra at stanford.edu> wrote:
> I was thinking of NFS mounts with system credentials, where you have to
> get the ordering between the network, k5start, and the NFS mount correct.
> But it sounds like I was borrowing trouble you don't have.  :)

Really, what should happen is that mech_krb5's gss_init_sec_context()
automatically gets a TGT using a keytab if there's a keytab available.
 Solaris' implementation does that, though sadly it only does it for
processes running as root.

Nico
--




More information about the Kerberos mailing list