3

Environment: I have joined a few of my RHEL 7.3 boxes with MS AD domain using realmd/sssd. I have allowed only members of a few allowed groups can login to the box. Credentials caching is disabled. All works well without any problem.

What I need to achieve next: I want one Windows SMB share to be permanently mounted to the Linux (in the fstab or else) using Kerberos(passwordless).

What I have achieved so far: I am able to mount the Windows SMB path, but it expires when the manually generated TGT ticket expires.

How I’m doing it: I generate TGT ticket using ‘kinit’

then TGT ticket for cifs mount using kvnp

Then making an entry in the fstab with ‘sec=krb5’ and providing the uid of the desired service account.

Using the above the SMB share is mounted successfully but expires in 9 hours upon expiration of the TGT ticket.

Please suggest if there is something that I can do to make the mount permanent.

Note: I'm not modifying the TGT ticket expiration time thinking it may cause some security or compliance concerns.(please, correct me if I'm wrong).

Improve this question
1
  • @JeffSchaller Thanks, duplicate text removed. I asked this question in StackExchange and was suggested to post here. And the copy/paste error happened. Commented Jan 15, 2018 at 13:05

1 Answer 1

Reset to default
1

As long as you are using the same default principal name that is used in your cache you should be able to just create a reoccurring cronjob that runs kinit with your keytab assuming you already have one created and stored securely.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.