On 2022-04-25 11:49, Francis Augusto Medeiros-Logeay via FreeIPA-users
wrote:
On 2022-04-08 10:57, Alexander Bokovoy via FreeIPA-users wrote:
I started to see GSSPROXY, and it seems like a good alternative, as we
could use a keytab that give limited access to resources, and not the
user's keytab. Would a service keytab work here, or should I rather
create a specific user just for the purpose of mounting NFS, for
example?
I actually tested it, but it seems I had a misunderstanding. Gssproxy
helps me to be able to mount my NFSv4 shares, but the problem is that
the user can't access them without a ticket, so I am back to square one,
which is, how to get a ticket for the user, non-interactively, after his
ticket has expired, so that running jobs won't create havoc when the
user looses access to his (mounted) share.
Best,
Francis