[plug] FW: Kerberos Ticket for Local Service Account
alex at spottedmouse.com
Thu Jul 16 13:45:01 AWST 2020
Thanks for your help.
kinit: Client 'saas at mydomain.local' not found in Kerberos database while getting initial credentials
klist: Credentials cache keyring 'persistent:5050:5050' not found
I think you are right in that I need a ticket. What is the best way to associate one to a system account in a way that ticket expiration is handled seamlessly? I did consider running kinit every couple of hours, but this feels like a horrible solution. Are there any other options for maintaining a valid ticket?
On 2020-07-16 13:19, Chris Hoy Poy wrote:
> What's kinit show for your second user? It sounds like it needs a
> token (or access to one).
> Usually every user that requires access needs a ticket (so kinit needs
> to reflect that, or it will bounce)
> On Thu, 16 Jul 2020, 1:16 pm Alex, <alex at spottedmouse.com> wrote:
>> Hi all,
>> I am looking at running a service under a local system account on a
>> Linux server, but need to be able to access an NFS v4 share with
>> Kerberos enabled security. As root user I can see that using the
>> machine’s Kerberos ticket access to the share works successfully.
>> However as soon as I try to access the share using another local
>> system account access to the share is denied.
>> I am hoping we have a local Kerberos expert who might be able to
>> point me in the direction on how this is usually done. Any pointers
>> on how to allow local system users access to the Kerberos tickets and
>> the share would really help me out.
>> Kind regards
>> PLUG discussion list: plug at plug.org.au
>> Committee e-mail: committee at plug.org.au PLUG Membership: