Hi,

I have a server farm where all servers mount an NFSv4 share using the "sec=krb5p" option. What I'd like is for users to be able to access this share in automated jobs that are run via cron.

I saw that there is a FAQ on this:

http://www.faqs.org/faqs/kerberos-faq/general/section-61.html#b

But either I'm doing something wrong or missing some subtlety, as any automated job is still getting "permission denied" for the nfsv4 share.

First question: say I have a user named "matt" on my systems. Login authentication is controlled via Kerberos as well, so I have a principal "[email protected]", secured with a password. It seems that if I export the key to a file (in kadmin: "ktadd -k matt.keytab matt"), then the password no longer works. Is this correct, that a password and keytab file are mutually exclusive? That appears to be the case...

Based on my assumption that I can't have both a password and valid key file, I tried to create a special principal, per the FAQ:

    kadmin: addprinc -randkey matt/cron
    kadmin: ktadd -k matt_cron.keytab matt/cron

So now, in the crontab for user "matt", I prefix all commands with "kinit -k -t matt_cron.keytab matt/cron". But jobs still fail with "permission denied" for the nfsv4 share. After invoking the kinit command, I do have a valid TGT, verified with klist.

So... what am I missing?

Thanks,
Matt
