On Mon, Mar 7, 2011 at 7:56 AM, John Hodrien <J.H.Hodrien at leeds.ac.uk> wrote: > On Mon, 7 Mar 2011, Nico Kadel-Garcia wrote: > >> If this works, you've just solved a *BIG* problem for me: I'd been >> handed (ordered before I arrived on the site) the issues of getting >> Centrify OpenSSH to play nicely, and this avoids the "OpenSSH 5.x does >> not read .bashrc and read user aliases for remote ssh commands" >> problem I've been facing, while preserving the effective GSSAPI >> credentials handling. > > Tested this with regular MIT kerberos under CentOS some time ago, but am > actually running it against Active Directory currently. > >> *Good* admin. And are you coming to the Boston are, so I can buy you a >> decent local beer? (I'm not in London anymore.) Why aren't you over >> on the comp.security.ssh? > > Too many groups, too little time. Tell you what, solve all the niggly little > problems I've had with kerberised NFSv4 with CentOS5, and we'll call it quits. Ahh, I'll just trade you this fine lease on swampland in Florida for your first born, shall I? NFSv4 is *NOT* your friend, and Kerberizing it effectively is not trivial. I'm using Centrify for that and to have a reliable upstream vendor who can actually support it. (I'm on a contract.) What's the issue you're encountering, besides the lack of "nfs4-acl-editor" in the RPM's. nfs4-acl-editor is actually built into the nfs4 tools source tree, it's just not compiled. It's not a perfect tool, but I think well worth getting into the "extras" repository for CentOS.