---
Francis Augusto Medeiros-Logeay
Oslo, Norway
On 2022-04-07 12:03, Ronald Wimmer via FreeIPA-users wrote:
On 06.04.22 21:39, Francis Augusto Medeiros-Logeay via FreeIPA-users
wrote:
Hi,
We have a few machines that joined a FreeIPA instance. We use NFSv4 +
kerberos to mount home directories.
However, if the user do not log on to the machine for more than 7
days, and he leaves a job executing and that writes to some file on
his home directory, the cpu usage of the machine goes up to the sky
and the machine gets almost unusable.
Is there a good strategy to fetch new TGT's when near expiration? I
know some users generate a key tab (or fetch them using ipa-getkeytab)
to automate a kinit, but I wonder if we could come with a system-wide
solution that doesn't lead to storing key tabs around.
Any tips for that?
One way could be
ipa-getkeytab -s ipaserver.somedomain.com -p
someipau...@somedomain.com -P -k ./someipauser.keytab
export KRB5_CLIENT_KTNAME /some/path/to/someipauser.keytab
Thanks Ronald.
So as long as a keytab is generated and the variable is setup, so will
FreeIPA automatically use it to fetch a new TGT when the older one
expires after 7 days?
Best,
Francis
Cheers,
Ronald
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure