[33377] in Kerberos
Re: Inittab launching K5start too soon
daemon@ATHENA.MIT.EDU (Nico Williams)
Thu May 12 13:58:09 2011
MIME-Version: 1.0
In-Reply-To: <878vub52w3.fsf@windlord.stanford.edu>
Date: Thu, 12 May 2011 12:58:00 -0500
Message-ID: <BANLkTimPU5WqtTNe+GguT69kUBzo+WEOvg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Russ Allbery <rra@stanford.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Thu, May 12, 2011 at 10:56 AM, Russ Allbery <rra@stanford.edu> wrote:> I was thinking of NFS mounts with system credentials, where you have to> get the ordering between the network, k5start, and the NFS mount correct.> But it sounds like I was borrowing trouble you don't have. :)
Really, what should happen is that mech_krb5's gss_init_sec_context()automatically gets a TGT using a keytab if there's a keytab available. Solaris' implementation does that, though sadly it only does it forprocesses running as root.
Nico--
________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
