NFS4&Kerberos&Crontab
Terry Figel
terry at soe.ucsc.edu
Tue Jul 11 18:51:26 EDT 2006
Hi-
I have 2 related questions that came up as part of our roll-out of NFS4.
1.) Can you use user crontabs on NFSv4 with kerberos:
issue- If we go to NFS4 on home directories, and we run jobs via
cron, what happens when the kerberos ticket expires
Proposed workaround-- Use kadmin, make a keytab file for the user,
put a crontab -k -t user.keytab
Problem: if the user stores this in their home directory, it is a
chicken and egg problem.
(not really chicken and egg, because you can kinit once, and
crontab every 6 hours so it never expires.....
but I am wondering what people do out there)
2.) Same idea, do people use public/private ssh keys? Can that issue a
kerberos ticket?
We can use the proposed solution from 1.), of ssh in, do a kinit
with a user.keytab file, but if you store
that in your home directory, it will not be able to read the keytab.
I am just wondering if anyone uses Kerberos/NFS4/ and ssh
public-private keys.
(i.e. how do you automate doing a job on 1000's of computers? just
with expect scripts?)
More information about the NFSv4
mailing list