We have a site where some users want to be able to run cron jobs with credentials so they can access files via NFS. We are currently using a local mechanism to generate those credentials. I'm considering using gssproxy instead. I've verified that it will work.
Is there any disadvantage to installing gssproxy on all systems, and setting use_gss_proxy in /etc/nfs.conf? We're on Ubuntu 20.04 and 22.04. The only issue I can see is that attempts to access files will cause something (the server?) to check for delegation entries in LDAP. If this only happens when credentials aren't already present, the extra overhead should be minimal. But we have lots of calls to rpc.gss, particularly since we expire contexts in 30 min, to deal with the problem that removing users from a group doesn't remove their access to files protected by the group until their NFS session credentials are refreshed.
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue