[Freeipa-users] (no subject)
David Kupka
dkupka at redhat.com
Thu Aug 25 04:57:43 UTC 2016
On 24/08/16 19:08, Sean Hogan wrote:
>
> Hi All,
>
> Would anyone be able to direct me to some docs regarding NFS automount
> with IPA? We are currently using this setup but to be specific I do not
> want the priv keys to be in the users' mounted home. When I did the keygen
> I took the defaults for location and it went into the exported home of the
> user, meaning it is mounted on any system the user logs onto, which is not a
> good idea. Is there a way to set this up so the priv keys stay out of the
> mounted home or since I have the keys uploaded into IPA I do not need the
> key in home?
>
> Sean Hogan
>

Hello Sean,

You can find the documentation here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#automount

But I don't understand what is wrong with the setup. AFAIU NFS, shares
must be mounted only on machines where you (admin) have full control and
therefore ownership and access permissions can be enforced. Then the ~/.ssh
directory must have mode 0700 and all files inside it 0600.
If you obey these rules, storing SSH keys on an NFS share is no less secure
than storing them locally.

--
David Kupka
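
The permission rule from the reply above (0700 on ~/.ssh, 0600 on every file in it), as an added audit script that is not part of the original message. It assumes GNU stat and find as on RHEL and a root directory holding one subdirectory per user; the function names, the script name and the /export/home path are hypothetical, and the owner comparison is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit ~/.ssh under a root of NFS-exported home directories.
# Rule applied is the one stated in the reply: directory 0700, files 0600.
# Assumes GNU stat/find (RHEL) and one subdirectory per user under the root.

# ssh_perm_findings HOME_ROOT
# Prints one "BAD ..." line per violation and nothing when all is in order.
ssh_perm_findings() {
    root=$1
    for sshdir in "$root"/*/.ssh; do
        [ -d "$sshdir" ] || continue      # user has no .ssh, or glob matched nothing
        home=${sshdir%/.ssh}

        mode=$(stat -c '%a' "$sshdir")
        [ "$mode" = 700 ] || echo "BAD mode $mode (want 700) $sshdir"

        # Assumption of this example: .ssh should have the same uid as the
        # home directory it sits in.
        [ "$(stat -c '%u' "$sshdir")" = "$(stat -c '%u' "$home")" ] ||
            echo "BAD owner (differs from owner of $home) $sshdir"

        # Every regular file whose mode is not exactly 0600.
        find "$sshdir" -type f ! -perm 600 \
            -exec stat -c 'BAD mode %a (want 600) %n' {} +
    done
}

# audit_ssh_perms HOME_ROOT
# Prints the findings; returns 0 when clean, 1 when anything was reported.
audit_ssh_perms() {
    findings=$(ssh_perm_findings "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage: sh audit_ssh.sh /export/home   (script name and path are examples)
if [ "$#" -eq 1 ]; then
    audit_ssh_perms "$1"
fi
```

Run it on the NFS server against the exported home root; the non-zero exit status makes it usable from cron or a monitoring check.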