[36467] in Kerberos


Re: How does the NFS client find a user's tickets in a filesystem?

daemon@ATHENA.MIT.EDU (Wendy Lin)
Mon Sep 15 03:44:10 2014

MIME-Version: 1.0
In-Reply-To: <CAAyYNQiP=6oVRPLD+RgZ34R6J0XaFurXYabZq68PPXZuoKhY2g@mail.gmail.com>
Date: Mon, 15 Sep 2014 09:43:49 +0200
Message-ID: <CA+j=ERpPcc+Ns_MjNncpOQ99yufo7HQ7ESxpfb70EQ91wE+EvQ@mail.gmail.com>
From: Wendy Lin <wendlin1974@gmail.com>
To: Frank Cusack <frank@linetwo.net>
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On 14 September 2014 23:46, Frank Cusack <frank@linetwo.net> wrote:
> On Fri, Sep 12, 2014 at 8:53 AM, Wendy Lin <wendlin1974@gmail.com> wrote:
>> How does the NFS client (say, Linux and AIX) find a user's krb5 tickets
>> in the filesystem? Does /sbin/mount forward the ticket to rpc.gssd?
>>
> There's a so-called 'upcall' mechanism in the filesystem.  rpc.gssd gets
> requests from the nfs client through that and sends the answers through the
> same mechanism.  It's very patchwork IMHO.
>
> /sbin/mount and mounts_nfs per se have no knowledge of this authentication
> backdoor.

How does rpc.gssd find the tickets? They can be anywhere, as defined
by the KRB5CCNAME variable in the user's environment.

Wendy

-- 
Wendy
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
