I have a working setup in a corporate environment where we use RHEL7 together with SSSD to authenticate against Active Directory. Regular authentication works well.
I managed to get the NFSv4 server to work with NFSv4 clients all using the same domain together with Kerberos and SSSD, but only in an interactive fashion (i.e. SSSD auto-creates a ticket at login time, or manually using kinit).
The purpose of these NFS shares is to store some content that will need to be accessible from applicative users (i.e. httpd or tomcat).
What is the best approach for such a deployment to make the access possible to the user in a non-interactive way?
Thanks in advance.
The approach I have usually used for this:
For ease of management, I have often used this systemd unit file (or a variant) for k5start. Set it up as a user service managed by systemd.
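[Unit]
Description=Service User Kerberos Auth (Keytab)
After=dbus.service
After=network.target
After=NetworkManager.service

[Service]
# Environment= does not expand ${HOME}; the %h specifier resolves to the
# home directory of the user running this systemd user instance.
Environment="KEYTAB=%h/krb5.keytab"
# Minutes between checks that the ticket is still valid (k5start -K).
Environment="INTERVAL=120"
Type=simple
# -f keytab to authenticate from, -L log to syslog, -u client principal.
ExecStart=/usr/bin/k5start -f ${KEYTAB} -K ${INTERVAL} -L -u ${USER}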
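
A keytab kept in a service account's home directory, as in the unit above, is a long-term credential, so it is worth checking before k5start uses it. The following is an added example, not part of the original answer: the function name `check_keytab`, its return codes and the use of GNU `stat` are assumptions of this sketch.

```shell
#!/bin/sh
# Pre-flight check for a service keytab (added example, hypothetical names).
# A keytab holds the principal's long-term keys: anyone who can read it can
# obtain tickets as that principal, so only the service account may read it.
#
# check_keytab PATH [EXPECTED_UID]
# Returns 0 if the file is acceptable, otherwise:
#   1 = missing or not a regular file   2 = path is a symlink
#   3 = owned by a different UID        4 = group/other permission bits set
#   5 = not a keytab (must start with 0x05 then version 0x01 or 0x02)
check_keytab() {
    kt=$1
    want_uid=${2:-$(id -u)}

    # -f follows symlinks, so test for a symlink first.
    if [ -L "$kt" ]; then
        echo "keytab is a symlink: $kt" >&2; return 2
    fi
    if [ ! -f "$kt" ]; then
        echo "keytab missing or not a regular file: $kt" >&2; return 1
    fi

    # GNU stat: %u = numeric owner, %a = octal permission bits.
    if [ "$(stat -c %u "$kt")" != "$want_uid" ]; then
        echo "keytab not owned by uid $want_uid: $kt" >&2; return 3
    fi
    mode=$(stat -c %a "$kt")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "keytab mode $mode grants group/other access: $kt" >&2; return 4
    fi

    # First two bytes of the keytab file format: 0x05, then the version.
    magic=$(od -An -tx1 -N2 "$kt" | tr -d ' \n')
    case $magic in
        0501|0502) ;;
        *) echo "not a keytab file (header $magic): $kt" >&2; return 5 ;;
    esac
    return 0
}

# Stand-alone use: sh check_keytab.sh /path/to/krb5.keytab [uid]
if [ "$#" -gt 0 ]; then
    check_keytab "$@"
fi
```
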