gssproxy

Elaborate on when `cred_store = ccache:...` should be used

Open frozencemetery opened this issue 5 years ago • 8 comments

Current docs aren't very clear about when to use this. As a result, reasonable users often make the assumption that this should be something like `cred_store = ccache:/tmp/krb5cc_%u` or `cred_store = ccache:KEYRING:%u` or what have you.

We should make explicit what this is actually intended for and that it shouldn't be otherwise used.

frozencemetery Jun 19 '20 17:06

So, it shouldn't be this?

```
cred_store = ccache:FILE:/tmp/krb5cc_%U
allow_any_uid = yes
```

I was expecting gssproxy to chown the ccache to the user, which it doesn't do.

jbazik Jun 16 '21 00:06

I think I understand now that the cred_store ccache is for gssproxy's internal use. After I got things working, I could see in strace that gssd actually creates the ccache file in /tmp for the user. Or is it the interposer code that does that? I'm still not sure if or why I should set this setting, but I have it working.

jbazik Jun 16 '21 16:06

@jbazik this is used by gss-proxy to perform operations like impersonation, as they are split over multiple iterations and need a stored ccache to continue the operation. It is not needed for all gss-proxy operations.

simo5 Jun 16 '21 16:06

Hello everyone, is there any document to validate that GSSPROXY is working? I have RHEL8 and Kerberos with GSSAPI and a dotnet app. It has been a month and I could not get it to work. Any help would be appreciated. Thanks.

Saffa001 Jan 14 '22 02:01

What we have here: https://github.com/gssapi/gssproxy/tree/main/docs is all we have really.

simo5 Jan 14 '22 14:01

Understood, thank you. I was thinking maybe someone has a knowledge base website to share so I may be able to get this to work.

Saffa001 Jan 14 '22 14:01