FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Build System

 
 
LinkBack Thread Tools
 
Old 12-16-2010, 11:15 PM
Anthony Messina
 
Default Kojid & NFSv4 with sec=krb5p

I have been able to set up a private Koji instance using Kerberos and
have /mnt/koji shared via NFSv4 using sec=krb5p -- with manual
intervention after kojid startup, however, I have some questions
regarding automation.

The /mnt/koji directory is exported with (/etc/exports)

/export *.example.com(fsid=0,sec=krb5p)
/export/home *.example.com(rw,nohide,sec=krb5p)
...
/export/koji *.example.com(ro,nohide,sec=krb5p,all_squash)
...

The kojibuilder user on each of the kojid hosts needs read access to
this directory, so I attempted to use the following script at startup
(and via cron jobs to keep the kojibuilder (uidnumber 492) user's
credentials refreshed):

------------
#!/bin/bash
KRB5CCNAME="/tmp/krb5cc_492"
export KRB5CCNAME

/usr/bin/kinit -k -t /etc/kojibuilder.keytab
kojibuilder/build.example.com@EXAMPLE.COM

chown kojibuilder:kojibuilder $KRB5CCNAME
chcon -t user_tmp_t $KRB5CCNAME
-----------

But unless I 'su - kojibuilder' and run the above script, the
kojibuilder user is not able to access the krp5p mount. Once I run the
script as the kojibuilder user, then kojid builds won't fail with mock
errors.

Are there other users who have a better solution for this? Right now,
the kojihub is exporting other mounts to actual users and it doesn't
appear that I can enforce krb5p on all other exports except this one.

Thanks. -A

--
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E

--
buildsys mailing list
buildsys@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/buildsys
 

Thread Tools




All times are GMT. The time now is 06:09 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org