I'm troubleshooting a problem: A local system account (daemon) needs to
access a file on an NFS4 filesystem with sec=krb5. My understanding is
that only processes which have a Kerberos ticket are able to access
files on such a filesystem, and that seems to be the case on the system
I'm troubleshooting.

Suppose I need a keytab to identify the "daemon" user. I don't think I
want to create a new user in FreeIPA, since it would have a uid/gid that
conflict with the locally defined account. However, I think I do need a
keytab for "daemon@DOMAIN". The ipa command doesn't seem to provide a
means of creating such a principal.

Should I work directly in kadmin to create the principal and export the
keytab? Am I even on the right track?