Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity

tell about gssproxy

Browse Source
This commit is contained in:
buchel_k
2024-11-25 13:31:10 +01:00
parent 8b8ef4a887
commit fd948523cd
2 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
admin-guide/configuration/files/central_storage_mount.md
View File

@@ -17,7 +17,10 @@ On workstation type systems this is enabled by default starting with RHEL9
## Adding a Share
For a new or exsting share find a suitable path below `/psi.ch/group` or `/psi.ch/project` and inform Peter Huesser or the [Linux Core Group](mailto:linux-eng@psi.ch)
For a new or exsting share find a suitable path below `/psi.ch/group` or `/psi.ch/project` and inform the [NAS Team](cits2-nas@psi.ch) or the [Linux Core Group](mailto:linux-eng@psi.ch).
## Kerberos and Permanent Running Software
Checkout [Permanent Kerberos with gssproxy and Password Keytab](../basic/gssproxy_with_keytab) if you want to access this, e.g. with background processes without having to type passwords (`kinit`) regularly.
## Debugging

6
admin-guide/configuration/files/mount.md
View File

@@ -59,7 +59,7 @@ mounter::mounts:
- 'controls'
```
Ideally use NFSv4 (option `nfsvers=4.2`) and Kerberos authentication (option `sec=krb5`) is used. For Kerberos please contact the Linux Core Group for support. We managed to get it running experimentally, but it might not run yet automatically from Puppet. And of course also the NetApp side needs to be prepared accordingly.
Ideally use NFSv4 (option `nfsvers=4.2`) and Kerberos authentication (option `sec=krb5`) is used. And of course also the NetApp side needs to be prepared accordingly.
Following options are possible for `sec`:
- `sys` client enforces access control (default on NFS3)
@@ -72,6 +72,8 @@ NFS and Kerberos also needs ID mapping, which is automatically configured to the
nfs_idmap::domain: 'ethz.ch'
```
Checkout [Permanent Kerberos with gssproxy and Password Keytab](../basic/gssproxy_with_keytab) if you want to access a Kerberos protected share, e.g. with background processes without having to type passwords (`kinit`) regularly.
## CIFS
### CIFS with Multiuser Option and Kerberos
@@ -107,6 +109,8 @@ mounter::mounts:
This only works if `everybody` has read access to the share itself, but that is not needed for subfolders.
Else you need a password as below or a keytab (here feel free to ask the Linux Group for support).
Checkout [Permanent Kerberos with gssproxy and Password Keytab](../basic/gssproxy_with_keytab) if you want to access a Kerberos protected share, e.g. with background processes without having to type passwords (`kinit`) regularly.
### CIFS with User and Password
Remote CIFS mountpoints can be defined as follows: