Default client keytab name
Sam Hartman
hartmans at MIT.EDU
Mon Jul 23 11:53:44 EDT 2012
>>>>> "Nico" == Nico Williams <nico at cryptonector.com> writes:
Nico> But if a daemon like gssd is trying to use said keytab then
Nico> we're back to the same problem as with ccaches. Even w/o a
Nico> daemon.
While I think we should consider gssd, and while I'd like to find a
solution that works for everything including gssd, I consider gssd kind
of special.
My primary use case here is getting rid of kstart not gssd.
Even now I don't run across a lot of NFSv4 with Kerberos; I run across
other Kerberos services far more.
However, I do agree that client keytabs could be very useful for gssd.
I think that looking up pwnam(geteuid()) could work for gssd. You'd
need to be careful if /etc was NFS mounted not to cause recursion with
getpwnam(), but that's manageable.