gssapi / gssproxy

A proxy for GSSAPI | Docs at https://github.com/gssapi/gssproxy/tree/main/docs

Elaborate on when `cred_store = ccache:...` should be used #5

Open frozencemetery opened 4 years ago

frozencemetery commented 4 years ago

Current docs aren't very clear about when to use this. As a result, reasonable users often make the assumption that this should be something like `cred_store = ccache:/tmp/krb5cc_%u` or `cred_store = ccache:KEYRING:%u` or what have you.

We should make explicit what this is actually intended for and that it shouldn't be otherwise used.

jbazik commented 3 years ago

So, it shouldn't be this?

```
cred_store = ccache:FILE:/tmp/krb5cc_%U
allow_any_uid = yes
```

I was expecting gssproxy to chown the ccache to the user, which it doesn't do.

jbazik commented 3 years ago

I think I understand now that the cred_store ccache is for gssproxy's internal use. After I got things working, I could see in strace that gssd actually creates the ccache file in /tmp for the user. Or is it the interposer code that does that? I'm still not sure if or why I should set this setting, but I have it working.

simo5 commented 3 years ago

@jbazik this is used by gss-proxy to perform operations like impersonation, as they are split over multiple iterations and need a stored ccache to continue the operation. It is not needed for all gss-proxy operations.

Saffa001 commented 2 years ago

Hello everyone, is there any document to validate GSSPROXY working? I have RHEL8 and Kerberos with GSSAPI and a dotnet app. It has been a month and I could not get it to work. Any help would be appreciated. Thanks

simo5 commented 2 years ago

What we have here: https://github.com/gssapi/gssproxy/tree/main/docs is all we have really.

Saffa001 commented 2 years ago

Understood, thank you. I was thinking maybe someone has a knowledge base website to share so I may be able to get this to work.