Hi Peter,
Just curious on why you were forced to use Kerberos on your NFS share? Which version of
OneFS are you running? We also have Isilon and we are validating sssd for our
environment.
Best,
Baldwin
On Dec 23, 2015, at 4:35 AM, Peter Tulpen <ptulpen(a)emailn.de>
wrote:
Hello,
Since we were forced to use Kerberos on our Isilon NFS share, we see several issues and
have several use cases, which might all be covered by sssd, but this is too confusing for
me to cope with.
What I already understood is that I have to forget about public/private keys because of
this issue:
https://fedorahosted.org/freeipa/ticket/4000
Also, we have the home directories on the kerberized server, so we get an infinite loop.
The 3 use cases:
- Log in to Linux directly with username and password (ticket creation needed)
and log in to other servers via ssh passwordless with this ticket (this works already)
- Log in to Windows with a smartcard (with getting a valid TGT) and log in to
the servers via PuTTY (or something similar). Also from here, log on to other servers
(works only when there is already a ticket)
- Services with a default user, whose tickets get refreshed infinitely (I think
I have to use keytabs, but the refreshing does not work)
So can I achieve that in every case sssd refreshes the tickets? Or do I have to combine
sssd with something like krenew?
Do I have to switch Kerberos on or off in the ssh config? (I find different opinions about
that online.)
I attached the ssh krb and sssd configs.
Best regards and happy holidays,
Peter
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org