gssproxy
gssproxy copied to clipboard
gssapi
A proxy for GSSAPI | Docs at https://github.com/gssapi/gssproxy/tree/main/docs
Trying to test krb5 NFS exports with the "no_root_squash" export option, but it's not working and any request from root on the client ends up getting squashed to nobody. The...
The NFSv4.0 callback client in the Linux NFS server invokes gssproxy (somehow) to acquire the credential for its callback channel. On multi-homed systems, GSSX_ARG_ACQUIRE_CRED always selects the principal associated with...
Per discussion#39.
Docs !
Current docs aren't very clear about when to use this. As a result, reasonable users often make the assumption that this should be something like `cred_store = ccache:/tmp/krb5cc_%u` or `cred_store...
It seams gssproxy doesn't renew client cache on expiration. If client cache does not exists gssproxy acquire credentials and everything is working until clien cache expires. If client cache files...
It seems gssproxy doesn't expose lifetime of credentials or doesn't do it properly. In IPA env(WSGI, GSS_USE_PROXY=yes) I inquire the lifetime of creds as: ``` store = {'ccache': '/run/ipa/ccaches/xxx'} creds...
```C /* placeholder, * we will need an actual map but to speed up testing just make a sum with * a special base and hope no conflicts will happen...
See FIXME at https://github.com/gssapi/gssproxy/blob/main/src/mechglue/gpp_acquire_cred.c#L390
Currently the test suite uses openldap as a server. However, we'd like to be able to run it in RHEL/CentOS, which means that it ought to be done with 389ds....