On (30/12/16 18:25), Rob Verduijn wrote:
>I've been struggling for some days on fedora25 to get gssproxy to work.
>After a long time I decided to try this on centos73 to see if I was doing
>After a minimal install and joining it to the ipa domain the gssproxy was
>After checking for the oompthied time for typos and possible kvno errors in
>the keytabs I can say that the configuration that works flawlessly on
>centos73 does not work on fedora25.
>I first wondered if autofs and gssproxy wouldn't play nice together, but it
>I have been fighting this bug on centos73 and fedora24/25:
>Any idea when the fix will be released ?
The patch has not beed pushed to upstream yet.
But the workaround should be very simple.
sh# systemctl restart autofs.service
I let answer rest for others.
gss-proxy mailing list -- firstname.lastname@example.org.
To unsubscribe send an email to gss-proxy-leave@lists.
ipa service-add HTTP/server-name@LOCAL.DOMAIN
installed the keytab in /etc/gssproxy/http.keytab
and edited the file /etc/gssproxy/gssproxy.conf
[service/HTTP] mechs = krb5 cred_store = keytab:/etc/gssproxy/http.keytab cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U euid = 48
reboot and mounted the kerberized nfs4 share
did a su - apache -s /bin/bash
and the apache user could read the kerberized nfs4 share
I tried exactly the same on fedora 24 and 25, and on both it failed.