Hi guys,
We have a setup where the FreeIPA server also hosts the users' homedirs. These are
shared via NFSv4 and are automounted when a user logs in.

[root@adm-001 ~]# cat /etc/exports
/data/home 172.16.216.0/24(rw,no_root_squash,sec=sys:krb5:krb5i:krb5p,fsid=1338)

[root@adm-001 ~]# ipa automountkey-show
Location: default
Map: auto.home
Key: *
Key: *
Mount information: -fstype=nfs4,rw,sec=krb5,intr,hard adm-001.domain:/data/home/&

While normal ssh logins work (you ssh to the client and put in your password),
passwordless ssh does not work. It's obvious that passwordless logins do not activate
the Kerberos ticket function, but that results in the users being unable to read their own
files in their homedirs.
For now we ask users to not do passwordless login, but could we make the latter work?
TIA,
/tony
--
Tony Albers
Systems administrator, IT-development
Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 2566 2383 / +45 8946 2316