On Wed, 2020-11-11 at 16:24 -0500, Jason Keltz wrote:
Hi Simo,
I've continued to experiment.
I noticed that in /etc/krb5.conf, if I define:
AD.EECS.YORKU.CA = { auth_to_local = RULE:[1:$1@$0](.*)s/.*/root/ auth_to_local = DEFAULT }
... then any file I write actually gets mapped to root on the NFS client. On the other hand if I use:
auth_to_local = RULE:[2:$1/$2@$0](.*)s/.*/root/
.. then it does not work.
I just want to see what gssproxy is seeing - user@REALM, or host/user@REALM because I can't make it work. However, even with log level up high, gssproxy doesn't seem to divulge that information to me. How would I find it?
How did you set the debug level ?
At level 1 you should already get logging of responses which include the service name used.
However that will happen only at session establishment (At mount, or the first time a new user walks into the mount point).
After session establishment gssproxy is not involved anymore.
HTH, Simo.
Jason. _______________________________________________ gss-proxy mailing list -- gss-proxy@lists.fedorahosted.org To unsubscribe send an email to gss-proxy-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/gss-proxy@lists.fedorahosted.or...