Hi Peter,

Just curious as to why you were forced to use Kerberos on your NFS share? Which version of OneFS are you running? We also have Isilon and we are validating sssd for our environment.

Best,
Baldwin

On Dec 23, 2015, at 4:35 AM, Peter Tulpen <ptulpen@emailn.de> wrote:

Hello,

Since we were forced to use Kerberos on our Isilon NFS share, we see several issues and have several use cases, which might all be covered by sssd, but this is too confusing for me to cope with.

What I already understood is, that I have to forget about public/private key, because of this issue: https://fedorahosted.org/freeipa/ticket/4000

Also, we have the home directories on the kerberized server, so we get an infinite loop.

The 3 use cases:

- Log in to Linux directly with username and password (ticket creation needed) and log in to other servers via ssh passwordless with this ticket (this works already)

- Log in to Windows with a smartcard (with getting a valid TGT) and logging into the servers via PuTTY (or something similar). Also from here, log on to other servers (works only when there is already a ticket)

- Services with a default user, whose tickets get refreshed infinitely (I think I have to use keytabs, but the refreshing does not work)

So can I achieve that sssd refreshes the tickets in every case? Or do I have to combine sssd with something like krenew?

Do I have to switch Kerberos on or off in the ssh config? (I find different opinions about that online.)

I attached the ssh, krb and sssd configs.

Best regards and happy holidays,

Peter






_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org