The clients machines on my network from time to time get brought to another network and plugged in to test programs that are being developed. In the past this hasn't been an issue as it's usually a short stay and thus the kerberos key is cached and doesn't expire. Recently I have had a user who has requested that he be able to mount an NFS share on the "other network".

Naturally I thought of building a sudo rule and adding it to the freeipa server, as we don't allow user mounts due to security requirements. The issue is however that the sudo mount request will be made when the user is not on the network and thus I imagine that it will get denied. Anyone have experience with this, or thoughts? If I put a rule to allow mounting the share by this user in the local sudoers file, will the system verify the user against the cached user key and thus allow the mount?

I feel like I'm overthinking this . . .

Thanks for any help!



FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to