24 Jul
2023
24 Jul
'23
12:21 p.m.
On Thu, Jul 20, 2023 at 8:38 AM Stefan Bauer cubewerk@gmail.com wrote:
However i have a bad feeling about letting services read the keytab file as it gives access to the machine-account.
Opinions?
How do you handle service keytabs and it's rotation?
Permitting applications to access only the principals they require but still retaining a single keytab was one of the explicit design goals of gssproxy (1).