[CentOS] Accessing KRB5 NFS from local system accounts
Gordon Messmer
gordon.messmer at gmail.comThu Nov 30 22:42:46 UTC 2017
- Previous message: [CentOS] C 7, docker, and storage
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I recently noticed that spamassassin (running as the local "daemon" account) will hang some of the time when processing messages, and tracked it to the process attempting to access ~user/.spamassassin/user_prefs. I believe that should return an access failure, but sometimes the process stalls instead. In any case, I'd like to allow access, but my understanding is that processes without a Kerberos ticket cannot access an NFS4 filesystem with sec=krb5. Is that correct? If so, how would I allow a local system account to access globally readable files? Should I create a keytab, and set KRB5_KTNAME in the spamassassin environment? Does anyone working with NFS and krb5 have any tips?
- Previous message: [CentOS] C 7, docker, and storage
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list