Re: [NFS] NFS/krb and batch jobs - doable?

[raini-9HxftnAiGddWk0Htik3J/w@public.gmane.org]

>> No, gssd (the client side daemon) will search /tmp for anything that
>> looks like a credcache for the right user, verify that it is a
>> credcache and then pick the one with the latest TGT expiration.
>
>> You're correct that NFS ignores $KRB5CCNAME. It uses the above (less
>> than optimal) heuristic instead.
>
> Thanks for explaining this Jeff - this does accord with what I see - which
> of course leaves my batch job system unpredictable.
>
>> Probably doable, but not trivial. IIRC, the kernel tracks credentials
>> by uid. You'd need to determine some way to split that up so that each
>> "session" has separate credentials. Once you do that, you'll have to
>> have the kernel pass enough info to the upcall for it to determine what
>> credcache it should use and modify gssd to use the new info accordingly.
>
> Just to be clear - you mean doable to a coder who might like to improve on
> gssd/kernel credential separation, rather than a non-coding sysadmin who
> needs with work within the current NFS/gssd framework?
>



------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
_______________________________________________
Please note that nfs@lists.sourceforge.net is being discontinued.
Please subscribe to linux-nfs@vger.kernel.org instead.
    http://vger.kernel.org/vger-lists.html#linux-nfs