Pushed to master, with one small modification (freeing of the strduped
string in the free config routine).
On 26/12/13 22:14, Simo Sorce wrote:
Implements RFE ticket #102
Allows to specify a user to drop privileges to. When dropping
privileges the /var/lib/gssproxy/clients directory and any keytab
gssproxy needs access to need to be readable by the proxy user.
For testing with /etc/krb5.keytab I suggest running: setfacl -m
Assuming "gssproxy" is the name of an existing system user set in
the config file as: run_as_user = gssproxy
I did some basic testing on my client system that is set up to
impersonate nfs client users by using constrained delegation and
the host keytab. Seem to work ok in Fedora 20, but requires
setenforce = 0 in my system because rpc.gssd is still broken in the
selinux policy when it tries to fork the handling child.
_______________________________________________ gss-proxy mailing
Günther Deschner GPG-ID: 8EE11688
Red Hat gdeschner(a)redhat.com
Samba Team gd(a)samba.org