SV: pkinit and nfs
Martinsson Patrik
patrik.martinsson at smhi.se
Mon Oct 17 04:21:58 EDT 2011
Well yes, however if you add
pkinit_identities = PKCS11:path-to-smartcardlib
to the [libdefaults] section of your krb5.conf, the rpc.gssd will segfault.
In my world that means that rpc.gssd reads the pkinit-option in some way, but I'm not sure.
Best regards,
Patrik Martinsson, Sweden.
Från: Frank Cusack [mailto:frank at tenpedal.com]
Skickat: den 14 oktober 2011 20:04
Till: Martinsson Patrik
Kopia: kerberos at mit.edu
Ämne: Re: pkinit and nfs
On Fri, Oct 14, 2011 at 1:56 AM, Martinsson Patrik <patrik.martinsson at smhi.se<mailto:patrik.martinsson at smhi.se>> wrote:
How do I setup krb5.conf to get nfs not use pkinit, whilst when for example doing a regular "kinit" pkinit should be used.
"nfs", i.e. rpc.gssd, does not use pkinit ever. It uses only a keytab.
More information about the Kerberos
mailing list