If you are using gss-api and using putty to log in.
Did you do the thing metioned in 5.3.4.5
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/...
also see
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/...
Rob
2017-06-22 13:50 GMT+02:00 Tony Brian Albers via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org>:
Hi guys,
We have a setup where the FreeIPA server also hosts the user's homedirs.
These are shared via NFSv4 and are automounted when a user logs in.
[root@adm-001 ~]# cat /etc/exports
/data/home 172.16.216.0/24(rw,no_root_squash,sec=sys:krb5:krb5i:
krb5p,fsid=1338)
[root@adm-001 ~]# ipa automountkey-show
Location: default
Map: auto.home
Key: *
Key: *
Mount information: -fstype=nfs4,rw,sec=krb5,intr,hard
adm-001.domain:/data/home/&
While normal ssh logins work (you ssh to the client and put in your
password), passwordless ssh does not work. It's obvious that passwordless
logins do not activate the kerberos ticket function, but that results in
the users being unable to read their own files in their homedirs.
For now we ask users to not do passwordless login, but could we make the
latter work?
TIA,
/tony
--
Tony Albers
Systems administrator, IT-development
Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 2566 2383 / +45 8946 2316
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org