On 2022-04-25 11:49, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
On 2022-04-08 10:57, Alexander Bokovoy via FreeIPA-users wrote:
I started to see GSSPROXY, and it seems like a good alternative, as we could use a keytab that give limited access to resources, and not the user's keytab. Would a service keytab work here, or should I rather create a specific user just for the purpose of mounting NFS, for example?
I actually tested it, but it seems I had a misunderstanding. Gssproxy helps me to be able to mount my NFSv4 shares, but the problem is that the user can't access them without a ticket, so I am back to square one, which is, how to get a ticket for the user, non-interactively, after his ticket has expired, so that running jobs won't create havoc when the user looses access to his (mounted) share.
Best, Francis _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure