Skip Menu |
 

Date: Wed, 24 Jul 2019 18:52:23 +0000
Subject: ccselect_k5identity needs a global config file
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>
From: "Charles Hedrick" <hedrick@rutgers.edu>
Submitter-Id: hedrick
Originator: Charles Hedrick
Organization: Rutgers University
Confidential :no
Synopsis: ccselect_k5identity needs a way to work with rpc.gssd
Severity: non-critical
Priority: medium
Category: krb5-libs
Class: change-request
Release: 1.14
Environment: Centos 7
System: Centos 7
Machine: VM
Description: Currently when trying to access an NFS-mounted directory, the currently selected principal is used. This is often wrong, e.g. if the user is working with an administrative principal. I’d prefer to change the default, but others seem to disagree. I tried to set it in .k5identity, but roc.gssd uses /.k5idenity, not the users, to avoid circularity when the home directory uses Kerberized NFS. I’d like ccselect_k5identity to use /etc/k5identity if there’s no entry in the user’s own file. We’d need at least %{username} to work, based on the euid.
How-To-Repeat: N/A
Fix: N/A