| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
| |
This way different processes running as the same user can be configured as
different servervices
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The krb5_{ccache,keytab,client_keytab} parameters are replaced with a
multivalued "cred_store" parameter instead.
krb5_keytab = /etc/krb5.keytab
becomes:
cred_store = keytab:/etc/krb5.keytab
Likewise for the "krb5_ccache" and "krb5_client_keytab" parameters.
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
|
| |
|
|
| |
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| | |
|
| |
|
|
|
|
|
|
| |
The Linux kernel now requires the gss-proxy to signal when it is available.
This is done by writing 1 to the file /proc/net/rpc/use-gss-proxy
Once this happens the kernel will try to attach to the gss-proxy socket
and use it instead of the classic rpc.svcgssd daemon.
|
| |
|
|
|
|
|
| |
This allows us to remove the ring_buffer hack and become completely
stateless as well as remove a possible DoS avenue.
R.I.P. Ring Buffer :-)
|
| |
|
|
|
|
| |
Guenther
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
| |
Guenther
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
| |
Guenther
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
| |
Guenther
Signed-off-by: Simo Sorce <simo@redhat.com>
|
| | |
|
| |
|
|
|
|
|
| |
Keeping 2 separate sections for credentials and services seem to just make
things really confusing. The off chance of reusing a 'credential' section is
dwarfed by the confusion cause by keeping them separate. Having to copy a full
service section is not a big deal so KISS wins here.
|
| | |
|
| |
|
