From: steve <steve-dZ4O0aZtNmBWk0Htik3J/w@public.gmane.org>
To: Peter Parzer
<peter.parzer-A1rZ2h3LdSKdPOQpRHQ53DeJuz7u0hKX@public.gmane.org>
Cc: linux-cifs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: multiuser kerberised cifs via autofs needs root ticket cache
Date: Tue, 30 Apr 2013 17:59:36 +0200
Message-ID: <517FEA68.1060602@steve-ss.com>
In-Reply-To: <517FD018.40106-A1rZ2h3LdSKdPOQpRHQ53DeJuz7u0hKX@public.gmane.org>
On 30/04/13 16:07, Peter Parzer wrote:
> Hi,
>
> On 30.04.2013 15:22, Jeff Layton wrote:
>>
>> No, that's not what I'm saying at all. You can get the same effect by
>> setting up credentials for root in /etc/krb5.keytab. Just pass in the
>> correct username= mount option for the principal that you want root to
>> be.
>>
>
> Not exactly on the topic, but I have been struggling a long time with
> this question. How can I set up credentials for root in
> /etc/krb5.keytab? I do the cifs multiuser mount in /etc/fstab at boot
> time. To create Kerberos tickets for root I have a network if-up hook
> with the command "net ads kerberos kinit -P". Is there an easier way
> using the keytab file?
>
Hi Peter
I'm a fellow struggler but I think I can answer this one. I just tested
it. You can choose anyone to be root. You can choose any key you happen
to have around in the keytab. We use the machine key because it's
produced when you join the domain. If you didn't specify kerberos method =
xxx before you joined, you can create the keys using net ads keytab
create -UAdminUser. Then, on boot run:
kinit -k MACHINE$
on boot and put the same command in a file under /etc/cron.hourly to
keep it alive.
I don't think this is the correct way, but hey it works.
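
The boot-time and hourly `kinit -k` described in the message above, written out as a script with the checks an administrator would want before and after it runs. This is an added example and not part of the original message. It assumes MIT-style `klist -k` output (principal in the second column); the function names and return codes are made up for illustration, and the principal (`MACHINE$` in the message) is passed as an argument.

```shell
#!/bin/sh
# Added example: refresh root's Kerberos ticket from a keytab, for use from a
# boot hook or /etc/cron.hourly. Function names and return codes are illustrative.

# keytab_is_private FILE: succeed only if FILE is a regular file with no
# group/other permission bits (a keytab holds long-term keys).
keytab_is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# keytab_has_principal FILE PRINCIPAL: succeed if `klist -k` lists PRINCIPAL,
# with or without an @REALM suffix (assumes the principal is column 2).
keytab_has_principal() {
    klist -k "$1" 2>/dev/null |
        awk -v p="$2" '$2 == p || index($2, p "@") == 1 { found = 1 }
                       END { exit !found }'
}

# refresh_root_ticket PRINCIPAL [KEYTAB]
# Returns 0 on success, 2 unsafe or missing keytab, 3 principal not in keytab,
# 4 kinit failed, 5 no valid credential cache after kinit.
refresh_root_ticket() {
    principal=$1
    keytab=${2:-/etc/krb5.keytab}
    keytab_is_private "$keytab" ||
        { echo "keytab missing or accessible to group/other: $keytab" >&2; return 2; }
    keytab_has_principal "$keytab" "$principal" ||
        { echo "no key for $principal in $keytab" >&2; return 3; }
    # Always re-run kinit instead of waiting for expiry, so an hourly job
    # never leaves a window with an expired ticket.
    kinit -k -t "$keytab" "$principal" ||
        { echo "kinit failed for $principal" >&2; return 4; }
    # klist -s is silent and reports cache validity through its exit status.
    klist -s ||
        { echo "no valid credential cache after kinit" >&2; return 5; }
    return 0
}

# Run only when a principal is given, e.g.:  this-script 'MACHINE$'
[ "$#" -eq 0 ] || refresh_root_ticket "$@"
```

A non-zero exit from the cron job is the signal to watch for: it means the mount will lose its root credentials when the current ticket expires.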