I've been running freeipa-server-4.x.x.fc25.x86_64 in systemd-nspawn selinux-
wrapped full OS containers for a while.
After upgrading to F25 on the host, systemd disabled access to the KEYRING
ccache type from nspawn containers since the kernel keyring isn't namespaced.
So anything that needs to get a keytab results in something like the
kinit: Invalid UID in persistent keyring name while getting default ccache
dnf upgrades end up failing until I 'export KRB5CCNAME=FILE:/tmp/whatever' and
manually upgrade as if I performed an offline upgrade.
Other than that, no issues to report.
Are there any concerns if I switch the krb5.com default_ccache_name on the
freeipa systemd-nspawn servers to MEMORY or FILE? Which would be preferred?
Thanks for the advice. -A
Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery
F9B6 560E 68EA 037D 8C3D D1C9 FF31 3BDB D9D8 99B6
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project