If you are using gss-api and using putty to log in.
Did you do the thing metioned in 5.3.4.5
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/trust-managing.html#kerberos-flags-services-hosts
also see
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/kerberos-for-entries.html#kerberos-flags-services-hosts

Rob

2017-06-22 13:50 GMT+02:00 Tony Brian Albers via FreeIPA-users <
freeipa-users@lists.fedorahosted.org>:

> Hi guys,
>
> We have a setup where the FreeIPA server also hosts the user's homedirs.
> These are shared via NFSv4 and are automounted when a user logs in.
>
> [root@adm-001 ~]# cat /etc/exports
> /data/home      172.16.216.0/24(rw,no_root_squash,sec=sys:krb5:krb5i:
> krb5p,fsid=1338)
>
> [root@adm-001 ~]# ipa automountkey-show
> Location: default
> Map: auto.home
> Key: *
>   Key: *
>   Mount information: -fstype=nfs4,rw,sec=krb5,intr,hard
> adm-001.domain:/data/home/&
>
>
> While normal ssh logins work (you ssh to the client and put in your
> password), passwordless ssh does not work. It's obvious that passwordless
> logins do not activate the kerberos ticket function, but that results in
> the users being unable to read their own files in their homedirs.
>
> For now we ask users to not do passwordless login, but could we make the
> latter work?
>
> TIA,
>
> /tony
>
>
> --
> Tony Albers
> Systems administrator, IT-development
> Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
> Tel: +45 2566 2383 / +45 8946 2316
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to