yes, this is what I tried. It does work, as I noted before. I believe the restriction to
specific users also works.
On Oct 22, 2019, at 3:05 PM, Alexander Bokovoy
<abokovoy(a)redhat.com> wrote:
On ti, 22 loka 2019, Simo Sorce via FreeIPA-users wrote:
> On Tue, 2019-10-22 at 14:31 -0400, Simo Sorce via FreeIPA-users wrote:
>> On Tue, 2019-10-22 at 18:43 +0300, Alexander Bokovoy via FreeIPA-users
>> wrote:
>> > On ti, 22 loka 2019, Charles Hedrick via FreeIPA-users wrote:
>> > > ok. So delegation works. Now we come to the question of how to
>> > > configure it in gssproxy. The man page describes the syntax of the
file
>> > > but not how it actually works. Any suggestions?
>> >
>> > That is something for Simo, as gssproxy upstream. Unfortunately, I have
>> > no time right now to investigate that.
>> >
>> > May be you can file a ticket to gssproxy asking to document that?
>>
>> What's the ask exactly ?
>
> If it is NFS related please read this first:
>
https://pagure.io/gssproxy/blob/master/f/docs/NFS.md
Right, 'impersonate = true' covers both steps. Thanks!
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland