go to post Hannes Postl OEID · Apr 23, 2021 I use kerberose authentication. All user has one shared Home$ in the docker file So the foodprint in docker is very small and only databases are outside (bind mount) so I think it is more secure then to use ssh on the host for chui application (cached Kerberos ticket are in the container)
go to post Hannes Postl OEID · Apr 23, 2021 Hello Robert I found a new way set owner root to file /usr/sbin/sshdset the SID bit (chmod 4755) of file /usr/sbin/sshdstart the SSD daemon with /usr/sbin/sshdBut I have a other problem if I stop the iris-container iris is not realy shutdown (files: database.lck are still there)
go to post Hannes Postl OEID · Apr 18, 2021 Hello Robert I can say it is not a bad idea I have done this by a customer because they still use terminal application I have also include keberos and use the same userid as the host (create kerberos user in the docker user database with same uid) for each terminal user. So you have the userid on the host in the docker and in IRIS (cached Kerberos login and authorization over LDAPS) the benfit of this configuration .) the cached kerberos ticket is only in the container .) all files and system access is done with one userid (security) .) in case the user gets a shell (with should not possible in my setup the user is still in the container shell and not in the host shell In my setup iris is still running as irisowner and I start ssh server outside with docker exec (i don't find a better solution yet)
go to post Hannes Postl OEID · Sep 28, 2020 Hello Katherine, Thank you for your help Studio, ODBC and the Webgateway itself are working now. Also Apache Websites are working with GSS-API and negotiation. But how can I get a SSO kerberos login form the Web Browser credentials to iris. I don't find any documentation. best regards Hannes
