-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Elaborate on when cred_store = ccache:...
should be used
#5
Comments
So, it shouldn't be this?
I was expecting gssproxy to chown the ccache to the user, which it doesn't do. |
I think I understand now that the cred_store ccache is for gssproxy's internal use. After I got things working, I could see in strace that gssd actually creates the ccache file in /tmp for the user. Or is it the interposer code that does that? I'm still not sure if or why I should set this setting, but I have it working. |
@jbazik this i used by gss-proxy to perform operations like impersonation as they are split over multiple iterations and need a stored ccache to continue the operation. |
Hello every one, Is there any document to validate GSSPROXY working? I have RHEL8 and Kerberos with GSSAPI and dotnet app. |
What we have here: https://github.com/gssapi/gssproxy/tree/main/docs is all we have really. |
Understood, Thank you. I was thinking maybe someone has knowledge base website to share so i may able to get this to work. |
Current docs aren't very clear about when to use this. As a result, reasonable users often make the assumption that this should be something like
cred_store = ccache:/tmp/krb5cc_%u
orcred_store = ccache:KEYRING:%u
or what have you.We should make explicit what this is actually intended for and that it shouldn't be otherwise used.
The text was updated successfully, but these errors were encountered: