On 08/28/2013 12:00 PM, Ondrej Valousek wrote:
> Because with NFS (v3 or v4) it is a bit more complicated.
> With smbclient, you are actually not "mounting" the filesystem so that the
> smbclient is happy with just your TGT.
>
> With NFS, you typically need two tickets:
> 1. one host (or nfs) so that root can mount the filesystem using Kerberos
> security

even though one mounts it from autofs? When using autofs from
/net/host/share I can do that as non-root.

> 2. second user TGT so that you can actually read the (already) mounted
> filesystem
>
> But you can run gssd with the -n argument which tells it not to look for SPNs
> (actually this is not SPN, we are talking about UPN in this case), but take a
> TGT from an already pre-created Kerberos database in /tmp
>
> So yes, with a bit of effort you can use kerberized NFS even from a client not
> joined to IPA domain.

ok, nice to know.

--
groet,
natxo


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
