From fbff46da25a0a578136fd92a6b66e807b6599ca3 Mon Sep 17 00:00:00 2001 From: Kevin Coffman Date: Fri, 16 Mar 2007 10:27:46 -0400 Subject: Allow any credential to be used for machine credentials Don't restrict machine credentials to be "nfs/". Use any usable credentials contained in the keytab file. [We actually attempt to use the first entry found for each realm, not every entry, in the keytab.] Signed-off-by: Kevin Coffman Signed-off-by: Neil Brown --- utils/gssd/gssd.man | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'utils/gssd/gssd.man') diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man index 1a30d69..f2ecd69 100644 --- a/utils/gssd/gssd.man +++ b/utils/gssd/gssd.man @@ -41,10 +41,18 @@ authentication. .B -k keytab Tells .B rpc.gssd -to use the keys for principals nfs/hostname in +to use the keys found in .I keytab -to obtain machine credentials. +to obtain "machine credentials". The default value is "/etc/krb5.keytab". +Previous versions of +.B rpc.gssd +used only "nfs/*" keys found within the keytab. +Now, the first keytab entry for each distinct Kerberos realm +within the keytab is used. This means that an NFS client +no longer needs an "nfs/hostname" principal and keytab entry, +but can instead use a "host/hostname" (or any other) keytab +entry that is available. .TP .B -p path Tells -- cgit
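Review bot: the added sentence "the first keytab entry for each distinct Kerberos realm within the keytab is used" makes the machine identity depend on the order of entries in the keytab, but the new text under -k neither says so nor tells an administrator how to control the choice. With the default "/etc/krb5.keytab", which can hold keys for several services, the principal presented as the "machine credentials" may be whichever entry happens to come first for a realm, not necessarily "host/hostname". Suggest stating outright that entry order decides which principal is used, and noting that pointing -k at a keytab containing only the intended principal pins it. The commit message speaks of "any usable credentials" while the man page text says only "first keytab entry", so the page should also say what happens when that first entry cannot be used to obtain credentials. Minor style point: "Previous versions of rpc.gssd used only ..." is change history that will date quickly in a man page; consider naming the version where the behaviour changed or moving the sentence to release notes.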