Hi Russ, thanks a lot for your detailed explanation. What I forgot to mention:
- I initially log in to the box (NFSv4 client) via ssh, which causes the following *) Kerberos tickets are obtained *) the home dir is mounted with automount via NFSv4 - From that interactive shell I would like to use k5start as a wrapper so that the process(es) started via their init script can still write to the NFSv4 file system and don't get "Permission denied" when the tickets expire. That means, I'm dependendent on a main functionality of k5start (if I get it right): the ticket lifetime is constantly renewed at regular intervals, so that the renewed ticket actually never reaches the maximum ticket lifetime. Otherwise, I would have to restart the server process manually each and every day and this would be sort of awkward... Is it possible run daemon-like processes indefinitely (provided there's no core dump etc.) using k5start? (Sorry for explictly asking this, but it's not clear to me from the examples I've come accross on your home page). Do I have to take any additional measures when a daemon accesses a NFSv4 mounted filesystem via automount (That is, do I have to add additional principals to my keytab file)? (Currently, only the corresponding user principal is in there). Thanks in advance for any advice. Kind regards, Holger
signature.asc
Description: Digital signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
