How does the NFS server map the apache user to “something” it recognizes? I
would suggest that the easiest solution may be to use an IPA account called
“apache”, so that the mappings would just work, but currently I’m having
trouble running a service as a domain user via systemd.
Beyond that, for kerberized NFS (local or domain user), you’ll need something
to keep a fresh ticket on hand, so you may end up running something like
k5start, and setting KRB5CCNAME in the environment where you’re running apache.
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rob Verduijn
Sent: Monday, September 15, 2014 9:17 AM
Subject: [Freeipa-users] apache kerberized nfs4 /var/www/html access denied for
I've got a webserver whose default export is on a kerberized nfs4 export.
The export works fine for regular ipa users
However the apache user is not allowed to read anything from the export.
What would be the best practice to allow the apache user access to the nfs4
export without switching to sec=sys ?
This electronic message contains information generated by the USDA solely for
the intended recipients. Any unauthorized interception of this message or the
use or disclosure of the information it contains may violate the law and
subject the violator to civil or criminal penalties. If you believe you have
received this message in error, please notify the sender and delete the email
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project