How does the NFS client find a user's tickets in a filesystem?

steve steve at steve-ss.com
Mon Sep 15 13:27:49 EDT 2014


On Mon, 2014-09-15 at 09:44 +0100, moritz.willers at ubs.com wrote:
> Wendy,
> 
> rpc.gssd on Linux looks in /tmp for files which start with krb5cc. The
> location where rpc.gssd is looking can be overridden with the -d option.

Hi
On systemd they're not under /tmp but default to /run/user instead.
Could that be your issue?

> 
> -----Original Message-----
> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
> Behalf Of Wendy Lin
> Sent: 15 September 2014 08:44
> To: Frank Cusack
> Cc: <kerberos at mit.edu>
> Subject: Re: How does the NFS client find a users tickets in a
> filesystem?
> 
> On 14 September 2014 23:46, Frank Cusack <frank at linetwo.net> wrote:
> > On Fri, Sep 12, 2014 at 8:53 AM, Wendy Lin <wendlin1974 at gmail.com> wrote:
> >> How does the NFS client (say, Linux and AIX) find a user's krb5
> >> tickets in the filesystem? Does /sbin/mount forward the ticket to rpc.gssd?
> >>
> > There's a so-called 'upcall' mechanism in the filesystem.  rpc.gssd 
> > gets requests from the nfs client through that and sends the answers 
> > through the same mechanism.  It's very patchwork IMHO.
> >
> > /sbin/mount and mounts_nfs per se have no knowledge of this 
> > authentication backdoor.
> 
> How does rpc.gssd find the tickets? They can be anywhere, as defined by
> the KRB5CCNAME variable in the user's environment.
> 
> Wendy
> 
> >
> >>
> >> Wendy
> >> ________________________________________________
> >> Kerberos mailing list           Kerberos at mit.edu
> >> https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> >
> 
> 
> 
> --
> Wendy
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
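
A troubleshooting check for the mismatch discussed in this thread (KRB5CCNAME can point anywhere, while rpc.gssd searches one directory for files starting with krb5cc), added here as an example and not code from any poster or from nfs-utils. The function names are hypothetical, and the search-directory argument stands for /tmp or whatever directory was given to -d.

```sh
#!/bin/sh
# Added diagnostic, not part of nfs-utils. Rule taken from the thread: the
# ticket cache must be a file named krb5cc* directly inside the directory
# rpc.gssd searches (/tmp unless changed with -d).

# ccache_visible KRB5CCNAME_VALUE [SEARCH_DIR]   (hypothetical helper)
# Prints a verdict and returns 0 only if the cache satisfies that rule.
ccache_visible() {
    cc=$1
    dir=${2:-/tmp}
    dir=${dir%/}                      # tolerate a trailing slash
    case $cc in
        FILE:*) path=${cc#FILE:} ;;
        /*)     path=$cc ;;           # bare absolute path: file cache
        *:*)    echo "not a file cache: ${cc%%:*}"; return 1 ;;
        *)      echo "unrecognised value: $cc"; return 1 ;;
    esac
    # The file has to sit directly in the search directory, not below it.
    if [ "${path%/*}" != "$dir" ]; then
        echo "outside search directory $dir: $path"; return 1
    fi
    case ${path##*/} in
        krb5cc*) ;;
        *) echo "name lacks krb5cc prefix: ${path##*/}"; return 1 ;;
    esac
    if [ ! -f "$path" ]; then
        echo "no such file: $path"; return 1
    fi
    echo "visible: $path"
}

# list_ccaches [SEARCH_DIR]   (hypothetical helper)
# Lists candidate cache files that sit directly in SEARCH_DIR.
list_ccaches() {
    find "${1:-/tmp}" -maxdepth 1 -type f -name 'krb5cc*'
}

# Usage: ccache_visible "$KRB5CCNAME" /tmp
```

A non-zero result for a user whose NFS access fails points at the cache location or type rather than at the tickets themselves.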



