Category Archives: Sysadmin

Automount and home directory creation

Posted on by
4

NFS is the NAS equivalent of Democracy: the worst implementation except for all the others. If you want a remote home directory for your users, chances are you’ve contemplated Automount as the solution for it.  I’ve been working on Automount support for the web UI in FreeIPA.  Here’s the concept.  When you add a user, you want to delay creation of the users home directory on some subset of Network Devices.  This is a tricky problem to solve.  Here’s why.
Continue reading

Firefox and Multiple Kerberos Realms

Posted on by
Reply

You will need two profiles: I use my default for my corporate setup, and a new one for development.

(Note:  if you want to keep open a browser, you can use the –no-remote switch so that Firefox doesn’t ignore your pleas to use a different profile, and instead just makes another window that uses the same one.)

firefox -P kfrog  –no-remote &

Go through the steps to create another profile.

In the second window, you need to establish kinit, but running with a different TGT.  You do this with an environment variable:

export KRB5CCNAME=/tmp/krb5ccache

kinit kfrog@TESTREALM.COM

Close and restart firefox.

firefox –no-remote -P ayoung &

RFI: SPEGNO multiple requests

Posted on by
Reply

From what we are seeing and what I’ve read, the browser seems to send a JSON request with no Auth info, and then the whole SPEGNO handshake takes place, turning what should be a single request response into (at a minimum) two.  It seems to me that we should be able to avoid that after the initial auth has taken place.

Is there any way to cache SPEGNO information such that successive JSON RPC calls provide the needed information automatically, instead of requiring multiple round trips per request?

Any Fedora people worked with this stuff and know how to optimize it?  Do I need to revert to a Cookie based approach?