Brian May <[EMAIL PROTECTED]> writes: >>>>>> "Steinar" == Steinar H Gunderson <[EMAIL PROTECTED]> writes:
> Steinar> Does this mean other programs wanting to read tickets > Steinar> (say, rpc.gssd from nfs-common) will have to be patched > Steinar> to read the tickets? In that case, I very much object to > Steinar> having this by default before etch :-) > If it uses the Heimdal client libraries, it should continue working > without any problems (not tested yet). The key point about programs like rpc.gssd is that they're not run by the user. They're system daemons that have to locate the ticket for the user via other means. Generally they do this by searching through /tmp for a ticket cache owned by the appropriate user. rpc.gssd is the main example of a program that does this, but sidentd has the same issue. It's for NFSv4 (and AFS) support that the MIT Kerberos developers are looking at taking the KCM concept a step further and using a kernel-mediated ticket cache of some kind so that NFSv4 has a more secure path to locating the credentials for a particular user. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
