gssd: Add options to rpc.gssd to allow for the use of $HOME/.k5identity files

Since commit 2f682f25c642fcfe7c511d04bc9d67e732282348 $HOME has been set to '/' to avoid a deadlock when accessing Kerberized NFS shares. While this works for most use cases, users who depend on the use of $HOME/.k5identity files are negatively impacted by this commit. This patch allows for users to use their $HOME/.k5identity to access subsequent Kerberized resources based on the credentials in said file. The default set by commit 2f682f25c still remains the same, but a user can pass '-H' to change rpc.gssd behavior to not set $HOME to '/'. Setting 'set-home=0' in /etc/nfs.conf has the same effect as passing '-H' directly to rpc.gssd. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1868087 Signed-off-by: Jacob Shivers <jshivers@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
author: Jacob Shivers <jshivers@redhat.com> 2021-03-15 09:22:57 -0400
committer: Steve Dickson <steved@redhat.com> 2021-03-15 10:37:51 -0400
commit: 05bacfed6df3f336c50326c7c6f4c3677c7f7d70 (patch)
tree: 0722e3cda9d2f92473a502f00b9ccd5b771a704a /nfs.conf
parent: 7e559dbddc483a7c2bc7ea8133d8e4ba368d5f61 (diff)
download: nfs-utils-05bacfed6df3f336c50326c7c6f4c3677c7f7d70.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/nfs.conf b/nfs.conf
index e69ec16d..5b080015 100644
--- a/nfs.conf
+++ b/nfs.conf
@@ -24,6 +24,7 @@
 # keytab-file=/etc/krb5.keytab
 # cred-cache-directory=
 # preferred-realm=
+# set-home=1
 #
 [lockd]
 # port=0
author	Jacob Shivers <jshivers@redhat.com>	2021-03-15 09:22:57 -0400
committer	Steve Dickson <steved@redhat.com>	2021-03-15 10:37:51 -0400
commit	05bacfed6df3f336c50326c7c6f4c3677c7f7d70 (patch)
tree	0722e3cda9d2f92473a502f00b9ccd5b771a704a /nfs.conf
parent	7e559dbddc483a7c2bc7ea8133d8e4ba368d5f61 (diff)
download	nfs-utils-05bacfed6df3f336c50326c7c6f4c3677c7f7d70.tar.gz