On 2022-04-08 10:57, Alexander Bokovoy via FreeIPA-users wrote:
On pe, 08 huhti 2022, Francis Augusto Medeiros-Logeay via FreeIPA-users
wrote:
If you store your user credentials into a keytab and just set
KRB5_CLIENT_KTNAME, this will work too. A systemd timer could be used
to
replace k5start.
Alternatively, gssproxy could be used for that. It already knows how to
handle NFS, for example, so it would work just fine. But it also
expects
to have a keytab in a proper place.
I started to see GSSPROXY, and it seems like a good alternative, as we
could use a keytab that give limited access to resources, and not the
user's keytab. Would a service keytab work here, or should I rather
create a specific user just for the purpose of mounting NFS, for
example?
Best,
Francis
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
