On Mon, 22 Sep 2014 15:09:42 -0400 Dmitri Pal <d...@redhat.com> wrote:
> On 09/20/2014 05:19 PM, Simo Sorce wrote: > > On Sat, 20 Sep 2014 19:44:28 +0200 > > Rob Verduijn <rob.verdu...@gmail.com> wrote: > > > >> Hi again, > >> > >> Thank you for the quick response. > >> I've removed the credstore entries that are not necessary for the > >> nfs access. > >> Now the users no longer go through gssproxy, but apache does. > >> > >> I've googled around quite a bit and and it seems that your > >> presentation on youtube and the gssproxy page together with a bit > >> on the fedora site are about it concerning documentation. > > We do not have a lot of docs yet, indeed. > > > Is there any chance we can publish this setup somewhere as a HOWTO? > May be on GSS proxy or IPA wiki? > That would help others coming after you. > > If you have a fedora account you can add content to FreeIPA wiki. With a Fedora account you can also write to the GSS-Proxy wiki which may be more appropriate. > > > > >> The below gssproxy.conf works fine for apache accessing a > >> kerberized nfs share without having to authenticate against ipa. > >> > >> If I were to create another share for say an tftp directory do I > >> need to create another entry like the one below or can I simply > >> say : euid = 48,1,2,3,4 > > Nope, euid is singlevalued. > > > Should we open RFE for it? > ding-libs can return you a list of numbers. No, it rarely if ever would make sense to do so, And we want to move the conf to have multiple conf snippets instead of a single file, in that case you'll want to have multiple snippets one per user. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
