[36472] in Kerberos
Re: How does the NFS client find a users tickets in a filesystem?
daemon@ATHENA.MIT.EDU (Frank Cusack)
Mon Sep 15 14:59:15 2014
MIME-Version: 1.0
In-Reply-To: <CA+j=ERo6EqR82GpyssHxUMF-v1rPRv4jV+QD0=kP5Z0TTpeD+w@mail.gmail.com>
Date: Sun, 14 Sep 2014 14:46:07 -0700
Message-ID: <CAAyYNQiP=6oVRPLD+RgZ34R6J0XaFurXYabZq68PPXZuoKhY2g@mail.gmail.com>
From: Frank Cusack <frank@linetwo.net>
To: Wendy Lin <wendlin1974@gmail.com>
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
There's a so-called 'upcall' mechanism in the filesystem. rpc.gssd gets
requests from the nfs client through that and sends the answers through the
same mechanism. It's very patchwork IMHO.
/sbin/mount and mounts_nfs per se have no knowledge of this authentication
backdoor.
On Fri, Sep 12, 2014 at 8:53 AM, Wendy Lin <wendlin1974@gmail.com> wrote:
> How does the NFS client (say, Linux and AIX) find a users krb5 tickets
> in the filesystem? Does /sbin/mount forward the ticket to rpc.gssd?
>
> Wendy
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
