On 24/08/16 19:08, Sean Hogan wrote:


Hi All,

  Would anyone be able to direct me to some docs regarding NFS automount
with IPA.  We are currently using this setup but to be specific I do not
want the priv keys to be in the users mounted home.  When I did the keygen
I took the defaults for location and it went into the exported home of the
user meaning it is mounted on any system the user logs onto which is not a
good idea.  Is there a way to set this up so the priv keys stay out of the
mounted home or since I have the keys uploaded into IPA I do not need the
key in home?

Sean Hogan

Hello Sean,

You can find the documentation here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#automount

But I don't understand what is wrong with the setup. AFAIU NFS, shares must be mounted only on machines where you (admin) have full control and therefore ownership and access permissions can be enforced. Then the ~/.ssh directory must have mode 0700 and all files inside it 0600. If you obey these rules, storing ssh keys on an NFS share is no less secure than storing them locally.

--
David Kupka
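
The permission rule stated in the reply above (~/.ssh at mode 0700, every file inside it at 0600), written as a check that can be run on any host where the home directory is mounted. This is an added example, not part of the original thread; the function names `mode_of` and `audit_ssh_dir` are made up for illustration.

```shell
#!/bin/sh
# Added example: audit an SSH directory against the modes named in the reply
# (directory 0700, every regular file inside it 0600).

# Print the octal permission bits of a path (GNU stat first, BSD stat fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_dir DIR
# Prints one line per deviation; returns 0 when DIR complies, 1 otherwise.
audit_ssh_dir() {
    dir=$1
    bad=0

    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi

    m=$(mode_of "$dir")
    if [ "$m" != "700" ]; then
        echo "DIR  $dir has mode $m, expected 700"
        bad=1
    fi

    # Check every regular file directly inside the directory, dotfiles included.
    # Symlinks are skipped because their own mode bits are not meaningful.
    for f in "$dir"/* "$dir"/.[!.]*; do
        if [ ! -f "$f" ] || [ -L "$f" ]; then
            continue
        fi
        m=$(mode_of "$f")
        if [ "$m" != "600" ]; then
            echo "FILE $f has mode $m, expected 600"
            bad=1
        fi
    done

    return "$bad"
}
```

Run it as `audit_ssh_dir "$HOME/.ssh"` after sourcing the file; the non-zero return status makes it usable from a login script or a configuration-management check.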
