Avoid clobbering root's ccache if possiblefixrootccache

If the gssapi library is modern enough, store the ccache in a process scoped keyring by default. This will avoid clobbering root's default ccache, and keep the creds from littering the filesystem. Signed-off-by: Simo Sorce <simo@redhat.com>
author: Simo Sorce <simo@redhat.com> 2017-11-16 15:39:01 -0500
committer: Simo Sorce <simo@redhat.com> 2017-11-16 16:28:28 -0500
commit: 799c0303440e66004b4517e66d7f2852cfd313e4 (patch)
tree: 294e1eb2acf0dfe3f043d5be13f6de28e16e4f48 /utils/gssd/svcgssd.c
parent: 8d9bf479441d9d7a44a86b69026a7e9d431d3ade (diff)
download: nfs-utils-fixrootccache.tar.gz
nfs-utils-fixrootccache.tar.xz
nfs-utils-fixrootccache.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/utils/gssd/svcgssd.c b/utils/gssd/svcgssd.c
index 3514ae1..a521689 100644
--- a/utils/gssd/svcgssd.c
+++ b/utils/gssd/svcgssd.c
@@ -182,10 +182,10 @@ main(int argc, char *argv[])
 
 	if (get_creds) {
 		if (principal)
-			status = gssd_acquire_cred(principal, 
+			status = gssd_acquire_cred(principal, true,
 				((const gss_OID)GSS_C_NT_USER_NAME));
 		else
-			status = gssd_acquire_cred(GSSD_SERVICE_NAME, 
+			status = gssd_acquire_cred(GSSD_SERVICE_NAME, true,
 				(const gss_OID)GSS_C_NT_HOSTBASED_SERVICE);
 		if (status == FALSE) {
 			printerr(0, "unable to obtain root (machine) credentials\n");
author	Simo Sorce <simo@redhat.com>	2017-11-16 15:39:01 -0500
committer	Simo Sorce <simo@redhat.com>	2017-11-16 16:28:28 -0500
commit	799c0303440e66004b4517e66d7f2852cfd313e4 (patch)
tree	294e1eb2acf0dfe3f043d5be13f6de28e16e4f48 /utils/gssd/svcgssd.c
parent	8d9bf479441d9d7a44a86b69026a7e9d431d3ade (diff)
download	nfs-utils-fixrootccache.tar.gz nfs-utils-fixrootccache.tar.xz nfs-utils-fixrootccache.zip