Score:0

How to have Kerberos tickets for services to access NFS share?


I want to externalize my servers' storage and import it via NFS from the storage server. I want to use NFSv4 with Kerberos for security and so that I don't have to match UID/GID between servers. So I configured everything, and mounting works, as does accessing the mounted shares for any user with a valid Kerberos ticket.

Now the but: human users aren't the only ones to access the shares; applications do too, for example dovecot (mail store), postgres (db store), seafile (data store), minidlna (media store). But how to get valid tickets for them? Tickets that need renewal because they tend to expire.

Human users can issue kinit when needed; besides, the initial ticket is created via PAM when logging in. But applications/daemons? Do they need a modified start script for the initial ticket and a cron job for renewal? Or what would be the best solution?

Score:0

To answer my own question for the record: The answer on Linux is gssproxy; the answer to my specific question is detailed in https://github.com/gssapi/gssproxy/blob/main/docs/NFS.md
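
With gssproxy, tickets for a daemon are acquired on its behalf from a per-UID client keytab, so no kinit wrapper or renewal cron job is needed. The script below is an added example, not part of the answer or of the gssproxy project: it audits those keytabs, assuming the stock layout `/var/lib/gssproxy/clients/<uid>.keytab`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit per-UID client keytabs used by gssproxy's NFS client
# service. Assumption: keytabs are stored as <dir>/<uid>.keytab (stock layout:
# /var/lib/gssproxy/clients/%U.keytab).

# audit_client_keytabs DIR UID...
# Prints one finding per UID; returns 0 only if every keytab is present,
# non-empty and inaccessible to group and other.
audit_client_keytabs() {
    dir=$1; shift
    rc=0
    for uid in "$@"; do
        kt="$dir/$uid.keytab"
        if [ ! -f "$kt" ]; then
            # No keytab: the daemon's NFS access fails once no ticket exists.
            echo "MISSING $uid"; rc=1; continue
        fi
        if [ ! -s "$kt" ]; then
            echo "EMPTY $uid"; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        # A keytab holds long-term keys, so any of them set is a finding.
        go_bits=$(ls -ld "$kt" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            echo "LOOSE_PERMS $uid"; rc=1; continue
        fi
        echo "OK $uid"
    done
    return $rc
}

# resolve_uids NAME...
# Maps service account names to numeric UIDs; unknown accounts go to stderr.
resolve_uids() {
    for name in "$@"; do
        id -u "$name" 2>/dev/null || echo "no such account: $name" >&2
    done
}

# Usage on a real host (account names taken from the question):
#   audit_client_keytabs /var/lib/gssproxy/clients $(resolve_uids dovecot postgres)
```
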
