I use kerberose authentication. All user has one shared Home$ in the docker file So the foodprint in docker is very small and only databases are outside (bind mount) so I think it is more secure then to use ssh on the host for chui application (cached Kerberos ticket are in the container)
Hello Robert
I found a new way
set owner root to file /usr/sbin/sshd
set the SID bit (chmod 4755) of file /usr/sbin/sshd
start the SSD daemon with /usr/sbin/sshd
But I have a other problem if I stop the iris-container iris is not realy shutdown (files: database.lck are still there)
Hello Robert
I can say it is not a bad idea I have done this by a customer because they still use terminal application I have also include keberos and use the same userid as the host (create kerberos user in the docker user database with same uid) for each terminal user. So you have the userid on the host in the docker and in IRIS (cached Kerberos login and authorization over LDAPS)
the benfit of this configuration
.) the cached kerberos ticket is only in the container
.) all files and system access is done with one userid (security)
.) in case the user gets a shell (with should not possible in my setup the user is still in the container shell and not in the host shell
In my setup iris is still running as irisowner and I start ssh server outside with docker exec (i don't find a better solution yet)
Hello Katherine,
Thank you for your help Studio, ODBC and the Webgateway itself are working now. Also Apache Websites are working with GSS-API and negotiation. But how can I get a SSO kerberos login form the Web Browser credentials to iris. I don't find any documentation.
best regards
Hannes