[16338] in Kerberos-V5-bugs
[krbdev.mit.edu #8822] ccselect_k5identity needs a global config file
daemon@ATHENA.MIT.EDU (Charles Hedrick via RT)
Wed Jul 24 15:04:46 2019
From: Charles Hedrick via RT <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <B26B6D6E-6C3A-4D10-A8E4-078FA35C5212@rutgers.edu>
Message-ID: <rt-4.4.4-78601-1563995051-1114.8822-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8822":;
Date: Wed, 24 Jul 2019 15:04:11 -0400
MIME-Version: 1.0
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: krb5-bugs-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Wed Jul 24 15:04:11 2019: Request 8822 was acted upon.
Transaction: Ticket created by hedrick@rutgers.edu
Queue: krb5
Subject: ccselect_k5identity needs a global config file
Owner: Nobody
Requestors: hedrick@rutgers.edu
Status: new
Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8822 >
Submitter-Id: hedrick
Originator: Charles Hedrick
Organization: Rutgers University
Confidential :no
Synopsis: ccselect_k5identity needs a way to work with rpc.gssd
Severity: non-critical
Priority: medium
Category: krb5-libs
Class: change-request
Release: 1.14
Environment: Centos 7
System: Centos 7
Machine: VM
Description: Currently when trying to access an NFS-mounted directory, the currently selected principal is used. This is often wrong, e.g. if the user is working with an administrative principal. I’d prefer to change the default, but others seem to disagree. I tried to set it in .k5identity, but roc.gssd uses /.k5idenity, not the users, to avoid circularity when the home directory uses Kerberized NFS. I’d like ccselect_k5identity to use /etc/k5identity if there’s no entry in the user’s own file. We’d need at least %{username} to work, based on the euid.
How-To-Repeat: N/A
Fix: N/A
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
