0

I want to externalize my servers' storage and import it via NFS from the storage server. I want to use NFSv4 with Kerberos for security and to avoid having to match UID/GID between servers. So I configured everything, and mounting works, as does accessing the mounted shares for any user with a valid Kerberos ticket.

Now the but: human users aren't the only ones accessing the shares; applications do too, for example dovecot (mail store), postgres (db store), seafile (data store), minidlna (media store). But how to get valid tickets for them? Tickets that need renewal because they tend to expire.

Human users can issue kinit when needed; besides, the initial ticket is created via PAM when logging in. But applications/daemons? Do they need a modified start script for the initial ticket and a cron job for renewal? Or what would be the best solution?

Robome
  • 1

1 Answer

0

To answer my own question for the record: the answer on Linux is gssproxy; the answer to my specific question is detailed in https://github.com/gssapi/gssproxy/blob/main/docs/NFS.md
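A sketch of the client-side gssproxy service section this approach relies on, added here as an example and not part of the original post. The drop-in file name, the paths and the per-UID keytab layout are assumptions modelled on gssproxy's stock NFS client configuration; rpc.gssd also has to be started with GSS_USE_PROXY=yes in its environment so that it hands credential requests to gssproxy.

```ini
# /etc/gssproxy/99-nfs-client.conf  (assumed drop-in name)
#
# rpc.gssd runs as root and asks gssproxy for credentials on behalf of
# whichever local UID touched the Kerberized NFS mount.
[service/nfs-client]
  mechs = krb5

  # Host keytab, used for the machine credential at mount time.
  cred_store = keytab:/etc/krb5.keytab

  # gssproxy keeps one ticket cache per UID here and refreshes it
  # itself, so no start-script kinit and no cron renewal is needed.
  cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%U

  # Per-UID client keytab. %U expands to the numeric UID of the
  # process accessing the share. For a daemon, place a keytab for its
  # principal at <uid>.keytab, for example 26.keytab if postgres runs
  # as UID 26 (constructed example value).
  cred_store = client_keytab:/var/lib/gssproxy/clients/%U.keytab

  # Only initiate (client) credentials; this section never accepts.
  cred_usage = initiate

  # The caller is rpc.gssd (euid 0) acting for arbitrary UIDs.
  allow_any_uid = yes
  trusted = yes
  euid = 0

# Hardening for the keytab directory (assumed layout):
#   /var/lib/gssproxy/clients      owned by root, mode 0700
#   /var/lib/gssproxy/clients/*.keytab   owned by root, mode 0600
# The daemons themselves never read their keytab; only gssproxy does.
```

Each keytab in that directory is a long-lived secret for its principal, so give every daemon its own principal with access limited to the exports it needs, and rotate the keys when a host is rebuilt or decommissioned.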