On 2022-04-08 10:57, Alexander Bokovoy via FreeIPA-users wrote:
> On Fri, 08 Apr 2022, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
>
> If you store your user credentials into a keytab and just set
> KRB5_CLIENT_KTNAME, this will work too. A systemd timer could be used to
> replace k5start.
>
> Alternatively, gssproxy could be used for that. It already knows how to
> handle NFS, for example, so it would work just fine. But it also expects
> to have a keytab in a proper place.

I started to see GSSPROXY, and it seems like a good alternative, as we
could use a keytab that gives limited access to resources, and not the
user's keytab. Would a service keytab work here, or should I rather
create a specific user just for the purpose of mounting NFS, for example?

Best,
Francis
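
The keytab location gssproxy expects for NFS clients, shown as an added example that is not part of the original thread: a service section modelled on the nfs-client configuration that gssproxy packages commonly install. The file name and paths are assumptions; compare them with the files under /etc/gssproxy on your system.

```ini
# /etc/gssproxy/99-nfs-client.conf (assumed file name; verify locally)
[service/nfs-client]
  mechs = krb5
  # Host keytab, available for machine credentials.
  cred_store = keytab:/etc/krb5.keytab
  # Credential cache kept by gssproxy per local user; %U expands to the numeric UID.
  cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%U
  # Per-UID client keytab: the "proper place" gssproxy looks in when it has
  # to obtain tickets for that UID without a password prompt.
  cred_store = client_keytab:/var/lib/gssproxy/clients/%U.keytab
  # Credentials are used only to initiate (client-side) security contexts.
  cred_usage = initiate
  # Requests are accepted regardless of the UID they are made for.
  allow_any_uid = yes
  # Marks the service as trusted, which enables impersonation; use with caution.
  trusted = yes
  # The section is matched against callers running with this effective UID.
  euid = 0
```

A keytab stored at the client_keytab path is equivalent to that principal's password, so keep the file owned by root with mode 0600 and give the principal only the access the mount needs.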