[CentOS] Centos 6 - What are you looking forward to?

Nico Kadel-Garcia nkadel at gmail.com
Mon Mar 7 13:23:28 UTC 2011


On Mon, Mar 7, 2011 at 7:56 AM, John Hodrien <J.H.Hodrien at leeds.ac.uk> wrote:
> On Mon, 7 Mar 2011, Nico Kadel-Garcia wrote:
>
>> If this works, you've just solved a *BIG* problem for me: I'd been
>> handed (ordered before I arrived on the site) the issues of getting
>> Centrify OpenSSH to play nicely, and this avoids the "OpenSSH 5.x does
>> not read .bashrc and read user aliases for remote ssh commands"
>> problem I've been facing, while preserving the effective GSSAPI
>> credentials handling.
>
> Tested this with regular MIT kerberos under CentOS some time ago, but am
> actually running it against Active Directory currently.
>
>> *Good* admin. And are you coming to the Boston are, so I can buy you a
>> decent local beer? (I'm not in London anymore.)  Why aren't you over
>> on the comp.security.ssh?
>
> Too many groups, too little time.  Tell you what, solve all the niggly little
> problems I've had with kerberised NFSv4 with CentOS5, and we'll call it quits.

Ahh, I'll just trade you this fine lease on swampland in Florida for
your first born, shall I?

NFSv4 is *NOT* your friend, and Kerberizing it effectively is not
trivial. I'm using Centrify for that and to have a reliable upstream
vendor who can actually support it. (I'm on a contract.) What's the
issue you're encountering, besides the lack of "nfs4-acl-editor" in
the RPM's.

nfs4-acl-editor is actually built into the nfs4 tools source tree,
it's just not compiled. It's not a perfect tool, but I think well
worth getting into the "extras" repository for CentOS.



More information about the CentOS mailing list