On 08/28/2013 12:00 PM, Ondrej Valousek wrote:
Because with NFS (v3 or v4) it is a bit more complicated.
With smbclient, you are actually not "mounting" the filesystem so that the 
smbclient is happy with just your TGT.

With NFS, you typically need two tickets:
1. one host (or nfs) so that root can mount the filesystem using  Kerberos 

even though one mounts it from autofs? When using autofs from
/net/host/share I can do that as non-root.

2. second user TGT so that you can actually read the (already) mounted 

But you can run gssd with the -n argument which tells it not to look for SPNs 
(actually this is not SPN, we are talking about UPN in this case), but take a 
TGT from already pre-created kerberos database in /tmp

So yes, with a bit of effort you can use kerberized NFS even from a client not 
joined to IPA domain.

ok, nice to know.


Freeipa-users mailing list

Reply via email to