How does the NFS client find a user's tickets in a filesystem?
steve
steve at steve-ss.com
Mon Sep 15 13:27:49 EDT 2014
On Mon, 2014-09-15 at 09:44 +0100, moritz.willers at ubs.com wrote:
> Wendy,
>
> rpc.gssd on Linux looks in /tmp for files which start with krb5cc. The
> location where rpc.gssd is looking can be overridden with the -d option.
Hi
On systemd they're not under /tmp but default to /run/user instead.
Could that be your issue?
>
> -----Original Message-----
> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
> Behalf Of Wendy Lin
> Sent: 15 September 2014 08:44
> To: Frank Cusack
> Cc: <kerberos at mit.edu>
> Subject: Re: How does the NFS client find a users tickets in a
> filesystem?
>
> On 14 September 2014 23:46, Frank Cusack <frank at linetwo.net> wrote:
> > On Fri, Sep 12, 2014 at 8:53 AM, Wendy Lin <wendlin1974 at gmail.com>
> wrote:
> >> How does the NFS client (say, Linux and AIX) find a user's krb5
> >> tickets in the filesystem? Does /sbin/mount forward the ticket to
> rpc.gssd?
> >>
> > There's a so-called 'upcall' mechanism in the filesystem. rpc.gssd
> > gets requests from the nfs client through that and sends the answers
> > through the same mechanism. It's very patchwork IMHO.
> >
> > /sbin/mount and mounts_nfs per se have no knowledge of this
> > authentication backdoor.
>
> How does rpc.gssd find the tickets? They can be anywhere, as defined by
> the KRB5CCNAME variable in the user's environment.
>
> Wendy
>
> >
> >>
> >> Wendy
> >> ________________________________________________
> >> Kerberos mailing list Kerberos at mit.edu
> >> https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> >
>
>
>
> --
> Wendy
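An added example, not part of the thread and not code from nfs-utils: a shell check for the situation discussed above, where the scan looks for files starting with krb5cc in a fixed set of directories while KRB5CCNAME may point elsewhere. The function names `find_ccaches` and `check_krb5ccname` are hypothetical, and the owner filter is an assumption about what a sensible scan would require, not a statement of rpc.gssd's exact logic.

```shell
#!/bin/sh
# Added example: approximates a prefix-based ccache scan for troubleshooting.
# It does not reproduce rpc.gssd's selection logic (assumption: owner must match).

# find_ccaches UID DIR...
# Prints regular files directly inside each DIR whose name starts with
# "krb5cc" and which are owned by UID. Missing directories are skipped.
# Pass directories without a trailing slash so printed paths compare cleanly.
find_ccaches() {
    uid=$1; shift
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 1 -type f -name 'krb5cc*' -user "$uid" 2>/dev/null
    done
    return 0
}

# check_krb5ccname UID CCNAME DIR...
# Compares a KRB5CCNAME value with what the scan over DIR... would see.
#   0 = the cache file is inside a scanned directory and matches the prefix
#   1 = it is a file cache, but the scan would not find it
#   2 = not a file cache at all (KEYRING:, DIR:, KCM:, ...), so no file to find
check_krb5ccname() {
    uid=$1; ccname=$2; shift 2
    case $ccname in
        FILE:*) path=${ccname#FILE:} ;;
        /*)     path=$ccname ;;        # a bare path means a FILE cache
        *)      return 2 ;;
    esac
    find_ccaches "$uid" "$@" | grep -Fxq -- "$path"
}

# Usage for the current user, with the two locations named in the thread.
me=$(id -u)
find_ccaches "$me" /tmp "/run/user/$me"
```

A result of 1 or 2 for a user's actual KRB5CCNAME means the directories passed with -d, or the cache type itself, need to change before the scan can see that user's tickets.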