diff options
author | Olga Kornievskaia <aglo@citi.umich.edu> | 2009-11-16 09:27:22 -0500 |
---|---|---|
committer | Steve Dickson <steved@redhat.com> | 2009-11-16 09:27:22 -0500 |
commit | 421406ee159fa27cca1a150600cfc321bbbe33f5 (patch) | |
tree | 8eedd37494cc78c1d19cf8f6b6c46add5b621ea7 /utils/gssd/krb5_util.c | |
parent | 0cfdc66de043a89d2ae2167a624e7d0b56c122eb (diff) | |
download | nfs-utils-421406ee159fa27cca1a150600cfc321bbbe33f5.tar.gz nfs-utils-421406ee159fa27cca1a150600cfc321bbbe33f5.tar.xz nfs-utils-421406ee159fa27cca1a150600cfc321bbbe33f5.zip |
gssd: process target= attribute in new upcall
Add processing of the "target=" attribute in the new gssd upcall.
Information in this field is used to construct the gss service name
of the server for which gssd will create a context .
This, along with the next patch handling "service=", is needed
for callback security.
For Kerberos, the NFS client will use a service principal present
in its keytab during authentication of the SETCLIENT_ID operation.
When establishing the context for the callback, the gssd on the
NFS server will attempt to authenticate the callback against the
principal name used by the client.
Note: An NFS client machine must have a keytab for the callback
authentication to succeed.
Signed-off-by: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Steve Dickson <steved@redhat.com>
Diffstat (limited to 'utils/gssd/krb5_util.c')
0 files changed, 0 insertions, 0 deletions