[plug] FW: Kerberos Ticket for Local Service Account

Alex alex at spottedmouse.com
Thu Jul 16 13:45:01 AWST 2020 

Hi Chris,

Thanks for your help.

kinit shows:
kinit: Client 'saas at mydomain.local' not found in Kerberos database while getting initial credentials

klist shows:
klist: Credentials cache keyring 'persistent:5050:5050' not found

I think you are right in that I need a ticket. What is the best way to associate one to a system account in way that ticket expiration is handled seamlessly. I did consider running kinit every couple of hours, but this feels like a horrible solution. Are there any other options of maintaining a valid ticket.

Kind regards
Alex


On 2020-07-16 13:19, Chris Hoy Poy wrote:
> What's kinit show for your second user? It sounds like it needs a 
> token (or access to one).
> 
> Usually every user that requires access needs a ticket (so kinit needs 
> to reflect that, or it will bounce)
> 
> /Chris
> 
> On Thu, 16 Jul 2020, 1:16 pm Alex, <alex at spottedmouse.com> wrote:
> 
>> Hi all,
>> 
>> I am looking at running a service under a local system account on a 
>> linux server, but need to be able to access a NFS v4 share with 
>> Kerberos enabled security. As root user I can see that using the 
>> machine’s Kerberos ticket access to the share works successfully.
>> However as soon as I try to access the share using another local 
>> system account access to the share is denied.
>> 
>> I am hoping we have a local Kerberos expert who might be able to 
>> point me in the direction on how this is usually done. Any pointers 
>> on how to allow local system users access to the Kerberos tickets and 
>> the share would really help me out.
>> 
>> Kind regards
>> 
>> Alex_______________________________________________
>> PLUG discussion list: plug at plug.org.au 
>> http://lists.plug.org.au/mailman/listinfo/plug
>> Committee e-mail: committee at plug.org.au PLUG Membership: 
>> http://www.plug.org.au/membership
> _______________________________________________
> PLUG discussion list: plug at plug.org.au 
> http://lists.plug.org.au/mailman/listinfo/plug
> Committee e-mail: committee at plug.org.au PLUG Membership: 
> http://www.plug.org.au/membership

More information about the plug mailing list