svcgssd

[Fredrik Tolf]

On Wed, 2006-06-28 at 13:20 +0200, Fredrik Tolf wrote:
> I just grepped the nfs-utils-1.0.8 source tree for `kuserok', and found
> that it returned no matches. That leads me to wonder: how svcgssd
> actually authorize what principals are allowed for access to a certain
> UID?

I've been trying to debug this issue, and I've got a question: Does
svcgssd even know what UID or username a certain context is initialized
for, or does it only know the GSS name of the user?

This is rather crucial, because I have a couple of cases where the
Kerberos principal name isn't directly mappable to the system's user
names.

Don't you agree that Kerberos principals should be authorized against a
user's ~/.k5login file?

Fredrik Tolf