---
Francis Augusto Medeiros-Logeay
Oslo, Norway
On 2022-04-07 12:03, Ronald Wimmer via FreeIPA-users wrote:
On 06.04.22 21:39, Francis Augusto Medeiros-Logeay via FreeIPA-users
wrote:
> Hi,
>
>
> We have a few machines that joined a FreeIPA instance. We use NFSv4 +
> kerberos to mount home directories.
>
> However, if the user do not log on to the machine for more than 7
> days, and he leaves a job executing and that writes to some file on
> his home directory, the cpu usage of the machine goes up to the sky
> and the machine gets almost unusable.
>
> Is there a good strategy to fetch new TGT's when near expiration? I
> know some users generate a key tab (or fetch them using ipa-getkeytab)
> to automate a kinit, but I wonder if we could come with a system-wide
> solution that doesn't lead to storing key tabs around.
>
> Any tips for that?
One way could be
ipa-getkeytab -s
ipaserver.somedomain.com -p
someipauser(a)SOMEDOMAIN.COM -P -k ./someipauser.keytab
export KRB5_CLIENT_KTNAME /some/path/to/someipauser.keytab
Thanks Ronald.
So as long as a keytab is generated and the variable is setup, so will
FreeIPA automatically use it to fetch a new TGT when the older one
expires after 7 days?
Best,
Francis
> Cheers,
> Ronald
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to
> freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
>
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
>
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
> Do not reply to spam on the list, report it:
>
https://pagure.io/fedora-infrastructure