[systemd-devel] Service that runs with network credentials
Mantas Mikulėnas
grawity at gmail.com
Wed Dec 11 07:43:07 UTC 2019
On Fri, Dec 6, 2019 at 12:58 PM Kenneth Porter <shiva at sewingwitch.com>
wrote:
> --On Thursday, December 05, 2019 10:37 AM +0100 Lennart Poettering
> <mzerqung at 0pointer.de> wrote:
>
> > I am not sure what "network credentials" is supposed to mean
>
> Here's where this came up.
>
> <https://sourceforge.net/p/backuppc/mailman/message/36870735/>
>
> The problem reported was pretty vague.
>
Yeah, it's unclear what purpose the configuration needs to serve.
Windows allows configuring a service to use an Active Directory account,
which gives both the local SID and the network credentials simultaneously
(since the account's password is stored). But these things are
completely separate for Linux services – e.g. you can tell the service
manager to setuid() to a LDAP account's UID/GID but that won't give you any
Kerberos tickets at all; and you can use k5start to provide Kerberos
credentials for network access but that won't have anything to do with the
service's local UID/GID.
--
Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20191211/7cd98a07/attachment-0001.htm>
More information about the systemd-devel
mailing list