On Tue, Jun 4, 2019 at 1:25 AM Winberg Adam <Adam.Winberg(a)smhi.se> wrote:
Sounds like the same issue I had, i created a bugzilla ticket for
it:
https://bugzilla.redhat.com/show_bug.cgi?id=1712875
Thanks; I piled on.
For us KCM does not bring anything extra to the table as it does not
manage ticket renewals yet, so we switched back to kernel keyring
for kerberos tickets.
Sites who use Kerberos authentication to access both Windows SMB
shares and NFS mounts care about this, because KCM avoids the problem
of cifs.upcall creating root's kernel persistent keyring with the
wrong SELinux context and thus breaking rpc.gssd's ability to
subsequently access the credential cache.