[38587] in Kerberos
Re: krb5 library missing functions for collections
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Fri Jul 26 09:54:54 2019
Message-ID: <201907261354.x6QDsiMa006676@hedwig.cmf.nrl.navy.mil>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: "kerberos@mit.edu" <kerberos@mit.edu>
In-Reply-To: <30D49B12-7535-448B-8FE6-A7210648753A@rutgers.edu>
MIME-Version: 1.0
Date: Fri, 26 Jul 2019 09:54:44 -0400
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
>I think a real solution involves a separate kernel attribute
>for the principal to use for NFS. Indeed it might need to be
>filesystem-specific, though in practical cases maybe not. (You’d also
>need to consider how to do idmap in that case.)
That already exists; the keyring functionality is used by AFS to
associate a particular set of Kerberos credentials with a user or
a login session (in my experience, the session keyring generally
give you the semantics that you want).
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
