2016-12-30 21:26 GMT+01:00 Lukas Slebodnik <lslebodn@redhat.com>:
On (30/12/16 18:25), Rob Verduijn wrote:
>I've been struggling for some days on fedora25 to get gssproxy to work.
>After a long time I decided to try this on centos73 to see if I was doing
>it wrong.
>After a minimal install and joining it to the ipa domain the gssproxy was
>working flawless.
>After checking for the oompthied time for typos and possible kvno errors in
>the keytabs I can say that the configuration that works flawlessly on
>centos73 does not work on fedora25.
>I first wondered if autofs and gssproxy wouldn't play nice together, but it
>I have been fighting this bug on centos73 and fedora24/25:
>Any idea when the fix will be released ?
The patch has not beed pushed to upstream yet.

But the workaround should be very simple.
sh# systemctl restart autofs.service

I let answer rest for others.

gss-proxy mailing list -- gss-proxy@lists.fedorahosted.org
To unsubscribe send an email to gss-proxy-leave@lists.fedorahosted.org


gssproxy also does not work on fedora24.
Is there a new way of configuring gssproxy ?

I used the example for apache from this page :

On centos73 I did:

ipa service-add HTTP/server-name@LOCAL.DOMAIN
installed the keytab in /etc/gssproxy/http.keytab

and edited the file /etc/gssproxy/gssproxy.conf

[service/HTTP] mechs = krb5 cred_store = keytab:/etc/gssproxy/http.keytab cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U euid = 48

reboot and mounted the kerberized nfs4 share 
did a su - apache -s /bin/bash
and the apache user could read the kerberized nfs4 share

I tried exactly the same on fedora 24 and 25, and on both it failed.
Rob Verduijn