
Re: Diskless clients: NFSv4 mounting with sec=krb5p and no machine creds



Hi,

On Sun, Feb 05, 2012 at 05:25:20PM +0100, Giorgio Pioda wrote:

> > The script executed right after authentication copies the user's
> > Kerberos ticket to the file krb5cc_diskless which is owned by root. 
> > This ticket will be picked up by gssd to create the security context
> > needed.  However, it's needed to restart autofs, I am not exactly sure
> > why.  It looks like autofs caches failures in mounting a directory
> > (which it tries earlier in the login process), and does not try again
> > immediately when the ticket is available.     
> > 
> 
> What about setting a delay in autofs?
> 

How long?  I think entering the username triggers autofs (to read the
user's configuration, for example which desktop he wants to start by
default).  What if someone takes 15 seconds to enter his password, and
someone else needs only 3 seconds?  Only if exactly at the right
moment where pam gives the OK (i.e. the ticket is available) for login
the autofs is triggered it will manage to provide the home directory.
Immediately after that the user will have / as home (or might not be
allowed to login on gdm).

So I don't think that will work.  Did you have any success with the 
   
   verify_ap_req_nofail = false

stuff?

Best regards,

     Andi

