2014-09-22 21:50 GMT+02:00 Simo Sorce <[email protected]>: > On Mon, 22 Sep 2014 15:09:42 -0400 > Dmitri Pal <[email protected]> wrote: > > > On 09/20/2014 05:19 PM, Simo Sorce wrote: > > > On Sat, 20 Sep 2014 19:44:28 +0200 > > > Rob Verduijn <[email protected]> wrote: > > > > > >> Hi again, > > >> > > >> Thank you for the quick response. > > >> I've removed the credstore entries that are not necessary for the > > >> nfs access. > > >> Now the users no longer go through gssproxy, but apache does. > > >> > > >> I've googled around quite a bit and and it seems that your > > >> presentation on youtube and the gssproxy page together with a bit > > >> on the fedora site are about it concerning documentation. > > > We do not have a lot of docs yet, indeed. > > > > > > Is there any chance we can publish this setup somewhere as a HOWTO? > > May be on GSS proxy or IPA wiki? > > That would help others coming after you. > > > > If you have a fedora account you can add content to FreeIPA wiki. > > With a Fedora account you can also write to the GSS-Proxy wiki which > may be more appropriate. >
I've got no problem in writing a howto on what I did. But I have to find some time to sit down for it, and create a fedora account first. > > > > > > > > >> The below gssproxy.conf works fine for apache accessing a > > >> kerberized nfs share without having to authenticate against ipa. > > >> > > >> If I were to create another share for say an tftp directory do I > > >> need to create another entry like the one below or can I simply > > >> say : euid = 48,1,2,3,4 > > > Nope, euid is singlevalued. > > > > > > Should we open RFE for it? > > ding-libs can return you a list of numbers. > > No, it rarely if ever would make sense to do so, And we want to move > the conf to have multiple conf snippets instead of a single file, in > that case you'll want to have multiple snippets one per user. > I did indeed create a second snippet for the other service. :P Rob > > Simo. > > > -- > Simo Sorce * Red Hat, Inc * New York > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
