On Thu, Jul 20, 2023 at 8:38 AM Stefan Bauer <cubewerk(a)gmail.com> wrote:
> However I have a bad feeling about letting services read the keytab
> file as it gives access to the machine-account.
> Opinions?
> How do you handle service keytabs and their rotation?

Permitting applications to access only the principals they require but
still retaining a single keytab was one of the explicit design goals
of gssproxy (1).

(1) https://github.com/gssapi/gssproxy/tree/main/docs