On Sun, 2017-01-01 at 20:37 +0100, Rob Verduijn wrote:
2016-12-30 21:26 GMT+01:00 Lukas Slebodnik lslebodn@redhat.com:
On (30/12/16 18:25), Rob Verduijn wrote:
Hello,
I've been struggling for some days on fedora25 to get gssproxy to work.
After a long time I decided to try this on centos73 to see if I was doing it wrong.
After a minimal install and joining it to the ipa domain the gssproxy was working flawless.
After checking for the oompthied time for typos and possible kvno errors
in
the keytabs I can say that the configuration that works flawlessly on centos73 does not work on fedora25.
I first wondered if autofs and gssproxy wouldn't play nice together, but
it
seems I have been fighting this bug on centos73 and fedora24/25: https://fedorahosted.org/sssd/ticket/3080 Any idea when the fix will be released ?
The patch has not beed pushed to upstream yet.
But the workaround should be very simple. sh# systemctl restart autofs.service
I let answer rest for others.
LS _______________________________________________ gss-proxy mailing list -- gss-proxy@lists.fedorahosted.org To unsubscribe send an email to gss-proxy-leave@lists.fedorahosted.org
Hi,
gssproxy also does not work on fedora24. Is there a new way of configuring gssproxy ?
I used the example for apache from this page : https://fedorahosted.org/gss-proxy/wiki/Apache
On centos73 I did:
ipa service-add HTTP/server-name@LOCAL.DOMAIN
installed the keytab in /etc/gssproxy/http.keytab
and edited the file /etc/gssproxy/gssproxy.conf [gssproxy]
[service/HTTP] mechs = krb5 cred_store = keytab:/etc/gssproxy/http.keytab cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U euid = 48
reboot and mounted the kerberized nfs4 share
did a su - apache -s /bin/bash
and the apache user could read the kerberized nfs4 share
I tried exactly the same on fedora 24 and 25, and on both it failed.
Does it work for you if you add cred_store = client_keytab:/etc/gssproxy/http.keytab ?