On Tue, Apr 15, 2014 at 02:34:11PM -0500, Nico Williams wrote:
> On Tue, Apr 15, 2014 at 2:22 PM, Will Fiveash <will.five...@oracle.com> wrote:
> > But if this is a work laptop, which is typically a single user system
> > and operates as a client in various contexts, requiring IT provision it
> > with a keytab seems onerous to me. Note that a Solaris NFS v3 client
> > does not require root have a krb cred to operate, even when
> > automounting -- it only requires the user that triggered the automount
> > have a krb cred.
>
> What should happen is that there should be a way to enroll a device.

If a keytab is really needed. On the other hand, if a laptop is only
acting as a client then why bother? Assuming the logged-in user has a
way of acquiring their krb cred that's all they should need if the
laptop is acting as an NFS, ssh or any other client that tries to do
gss/krb auth.

--
Will Fiveash
Oracle Solaris Software Engineer