Here is a workaround that works for me. Create a 5 minutes cron job that: hits an URL for the NFS mount and then restart gssproxy.
Just restarting gssproxy by itself doesn't work. The permission problem will eventually come back. Also, reversing the order (first restart then URL hit) also doesn't work.
-----Original Message----- From: Anthony Messina [mailto:amessina@messinet.com] Sent: Thursday, February 25, 2016 5:26 PM To: gss-proxy@lists.fedorahosted.org Subject: [gssproxy] Re: Gssproxy stops looking for Apache ccache after awhile
On Thursday, February 25, 2016 03:59:59 PM Simo Sorce wrote:
On Thu, 2016-02-25 at 20:46 +0000, Wen Liang wrote:
Yes, restarting rpc.gssd (systemctl restart rpcgssd) also solves the Apache permission.
Ok, his is good information, I wonder if there is a bug in rpc,gssd or in the gssproxy client.
What version of gss-proxy are you running exactly ?
Simo.
I can confirm this same issue, but I don't use gssproxy for the HTTP service keytab, just the regular NFS client/server gssproxy.conf defaults to allow Apache to serve KRB5/NFSv4 /home dirs. (Just didn't get a chance to report it). -A
-- Anthony - https://messinet.com/ - https://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E