Dear all,
I have software running on a freeipa client node which is started via systemd by using a freeipa account.
The software deamon needs to access the software related config files stored on an kerberized nfs share.
I really wonder what is the recommended and stable way to make sure that the software (so the ipa account)
has reliable access to the kerberized nfs share - without any manual actions like ssh login, etc.
Basically it’s clear that somehow there must be a valid kerberos ticket for the related freeipa account which connects
to the freeipa based nfs service.
So, sure there is an option to run some kind of cronjob which cares for the user related valid kerberos ticket,
but I think this is not the way to go … especially I don’t want to have any passwords for „kinit tasks“ stored on the
system for security reasons.
I hope there is an easy and secure configuration which covers that use case ^^^:)
Any hints are welcome !
Thanks,
Michael