On 09/20/2014 05:19 PM, Simo Sorce wrote:
On Sat, 20 Sep 2014 19:44:28 +0200
Rob Verduijn rob.verdu...@gmail.com wrote:
Hi again,
Thank you for the quick response.
I've removed the credstore entries that are not necessary for the nfs
access.
Now the users no longer go through gssproxy, but
On Mon, 22 Sep 2014 15:09:42 -0400
Dmitri Pal d...@redhat.com wrote:
On 09/20/2014 05:19 PM, Simo Sorce wrote:
On Sat, 20 Sep 2014 19:44:28 +0200
Rob Verduijn rob.verdu...@gmail.com wrote:
Hi again,
Thank you for the quick response.
I've removed the credstore entries that are not
Hello all,
I've managed to get the gssproxy to work on my installation.
I can now mount my apache document root using sec=krb5p and apache
automagically mounts the share when needed.
However I noticed that now all nfs credentials are going through gssproxy.
Is there a way to disable this for
On Sat, 20 Sep 2014 16:53:48 +0200
Rob Verduijn rob.verdu...@gmail.com wrote:
Hello all,
I've managed to get the gssproxy to work on my installation.
I can now mount my apache document root using sec=krb5p and apache
automagically mounts the share when needed.
However I noticed that now
On Saturday, September 20, 2014 12:15:04 PM Simo Sorce wrote:
[service/nfs-client]
mechs = krb5
cred_store = keytab:/etc/krb5.keytab
cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%U
cred_store = client_keytab:/etc/gssproxy/%U.keytab
cred_usage = initiate
Hi again,
Thank you for the quick response.
I've removed the credstore entries that are not necessary for the nfs
access.
Now the users no longer go through gssproxy, but apache does.
I've googled around quite a bit and and it seems that your presentation on
youtube and the gssproxy page
On Sat, 20 Sep 2014 11:38:16 -0500
Anthony Messina amess...@messinet.com wrote:
On Saturday, September 20, 2014 12:15:04 PM Simo Sorce wrote:
[service/nfs-client]
mechs = krb5
cred_store = keytab:/etc/krb5.keytab
cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%U
On Sat, 20 Sep 2014 19:44:28 +0200
Rob Verduijn rob.verdu...@gmail.com wrote:
Hi again,
Thank you for the quick response.
I've removed the credstore entries that are not necessary for the nfs
access.
Now the users no longer go through gssproxy, but apache does.
I've googled around quite
2014-09-16 20:57 GMT+02:00 Nordgren, Bryce L -FS bnordg...@fs.fed.us:
Also opened https://fedorahosted.org/freeipa/ticket/4544
Tried to summarize this thread on that ticket.
Back to the OP's concern, whenever I use NFS as a documentroot for apache
(even a WebDAV server), I make a separate
Hello,
I've got a webserver whose default export is on a kerberized nfs4 export.
The export works fine for regular ipa users
However the apache user is not allowed to read anything from the export.
What would be the best practice to allow the apache user access to the nfs4
export without
running apache.
Bryce
From: freeipa-users-boun...@redhat.com
[mailto:freeipa-users-boun...@redhat.com] On Behalf Of Rob Verduijn
Sent: Monday, September 15, 2014 9:17 AM
To: freeipa-users@redhat.com
Subject: [Freeipa-users] apache kerberized nfs4 /var/www/html access denied for
apache user
Hello
On Monday, September 15, 2014 06:10:13 PM Nordgren, Bryce L -FS wrote:
How does the NFS server map the apache user to “something” it recognizes? I
would suggest that the easiest solution may be to use an IPA account called
“apache”, so that the mappings would just work, but currently I’m having
12 matches
Mail list logo