On Wed, 2013-05-01 at 16:53 -0400, Simo Sorce wrote:
But whether you can use it or not depends on whether the dhcp server
uses just GSSAPI or still does some native kerberos calls.
If the latter it should be patched first to not use krb calls.
Are you using a script that calls nsupdate ? Or something else ?
If you are using nsupdate you'll be fine, I checkd it uses only GS
calls, so in theory it could be use in conjunction with gss-proxy and
obtain privilege separation this way.
Simo.
--
Simo Sorce * Red Hat, Inc * New York