On Wed, Jun 21, 2017 at 09:01:04AM +0200, Pavel Cahyna wrote:
> On Tue, Jun 20, 2017 at 08:45:48PM +0200, Jakub Hrozek wrote:
> > Well, UID of the peer accessing the socket is the access control key right
> > now. Unlike Heimdal's KCM, root doesn't have any special powers (with
> > Heimdal's KCM, root can list any ccache, with our implementation, only
> > that of UID 0).
> 
> How will rpc.gssd retrieve users' tickets then?

Maybe I misspoke -- root can be configured to list any user's ccache,
e.g.:
    KRB5CCNAME=KCM:123 klist
although I wanted to disable this by default. I admit I didn't think
about NFS. Does rpc.gssd still need to access any user's ccache even in
the age of gssproxy?
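
The access rule discussed in this thread, sketched as an added example (not part of the original message and not SSSD's code): the peer's UID is read from the UNIX socket with Linux `SO_PEERCRED` and compared with the owner named in a `KCM:<uid>` ccache name. All function names and the `root_sees_all` switch are hypothetical, and the `KCM:<uid>[:<id>]` name layout is an assumption.

```python
import os
import socket
import struct

UCRED = struct.Struct("iII")  # Linux struct ucred: pid, uid, gid

def peer_uid(conn):
    """UID of the process on the other end of a connected UNIX socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    _pid, uid, _gid = UCRED.unpack(raw)
    return uid

def ccache_owner(ccname, default_uid):
    """Owner UID named by a ccache string such as "KCM:123" (assumed layout)."""
    kind, _, residual = ccname.partition(":")
    if kind != "KCM":
        raise ValueError("not a KCM ccache name: %r" % ccname)
    if not residual:
        return default_uid  # bare "KCM:" means the caller's own collection
    return int(residual.split(":", 1)[0])

def may_access(peer, owner, root_sees_all=False):
    """Peer UID is the access key; UID 0 is special only if configured so."""
    if peer == owner:
        return True
    return root_sees_all and peer == 0

def authorize(conn, ccname, root_sees_all=False):
    """Decide from the kernel-reported peer UID, never from the request."""
    peer = peer_uid(conn)
    return may_access(peer, ccache_owner(ccname, peer), root_sees_all)

def demo():
    """Constructed check over a socketpair standing in for the KCM socket."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with server, client:
        me = os.getuid()
        return (authorize(server, "KCM:%d" % me),
                authorize(server, "KCM:%d" % (me + 1)))

if __name__ == "__main__":
    print(demo())
```
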