<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2"> <meta name="Generator" content="Microsoft Exchange Server"> <style></style> </head> <body> <div> <div>Ok. I agree that the problem needs to be fixed in kernel - lets hope the patches will find their way into RHEL 7 ;-).</div> <div>Does it mean that since Fedora 19 the default location of krb5.keytab is /var/lib/gssproxy?</div> <div>O.</div> <div><br> </div> <div><br> </div> <div> <div style="font-size:75%; color:#575757">Odesláno ze Samsung Mobile</div> </div> <br> <br> <br> -------- Původní zpráva --------<br> Od: Simo Sorce <simo@redhat.com> <br> Datum: <br> Komu: "Adamson, Andy" <William.Adamson@netapp.com> <br> Kopie: andrew@wasielewski.co.uk,freeipa-users@redhat.com <br> Předmět: Re: [Freeipa-users] Problem with Kerberised NFS mount <br> <br> <br> </div> <font size="2"><span style="font-size:10pt;"> <div class="PlainText">On Fri, 2013-07-12 at 19:16 +0000, Adamson, Andy wrote:<br> > On Jul 12, 2013, at 3:02 PM, Rob Crittenden <rcritten@redhat.com><br> > wrote:<br> > <br> > > Chuck Lever wrote:<br> > >> <br> > >> On Jul 12, 2013, at 2:43 PM, Ondrej Valousek <ovalousek@vendavo.com<br> > >> <<a href="mailto:ovalousek@vendavo.com">mailto:ovalousek@vendavo.com</a>>> wrote:<br> > >> <br> > >>> Just back to the Kerberized NFS. Any solution to RH bugzilla #786463<br> > >>> on the horizon yet?<br> > >>> Expiring tickets will render the whole concept unusable otherwise.<br> > >>> <br> > >>> Anyone?<br> > >> <br> > >> Ask on linux-nfs@vger.kernel.org <<a href="mailto:linux-nfs@vger.kernel.org">mailto:linux-nfs@vger.kernel.org</a>>. I<br> > >> know upstream is working on this problem.<br> > > <br> > > <a href="https://fedorahosted.org/gss-proxy/">https://fedorahosted.org/gss-proxy/</a> will solve the problem.<br> > <br> > Only for renewable tickets that gss-proxy renews. If a use has a non-renewable ticket, then the problem still exists. I'm working on a set of GSS expiry patches and I'll make sure this problem is solved in the kernel.<br> <br> Just to avoid confusion.<br> <br> GSS-Proxy doesn't really handle renews at this stage (except as a a<br> possible side effect of GSSAPI doing it under the hood on its own), it<br> only handles acquiring new credentials using keytabs or using existing<br> valid credentials from a standard ccache pre-populated by the user.<br> <br> Simo.<br> <br> -- <br> Simo Sorce * Red Hat, Inc * New York<br> <br> _______________________________________________<br> Freeipa-users mailing list<br> Freeipa-users@redhat.com<br> <a href="https://www.redhat.com/mailman/listinfo/freeipa-users">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br> </div> </span></font> </body> </html>