The clients machines on my network from time to time get brought to
another network and plugged in to test programs that are being
developed. In the past this hasn't been an issue as it's usually a short
stay and thus the kerberos key is cached and doesn't expire. Recently I
have had a user who has requested that he be able to mount an NFS share
on the "other network".
Naturally I thought of building a sudo rule and adding it to the freeipa
server, as we don't allow user mounts due to security requirements. The
issue is however that the sudo mount request will be made when the user
is not on the network and thus I imagine that it will get denied. Anyone
have experience with this, or thoughts? If I put a rule to allow
mounting the share by this user in the local sudoers file, will the
system verify the user against the cached user key and thus allow the mount?
I feel like I'm overthinking this . . .
Thanks for any help!
V/r,
Matthew
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org