[one-users] Including private files in user's contextualization iso

Steven Timm timm at fnal.gov
Wed Mar 2 07:16:17 PST 2011


We would like to arrange that a certain system file
(for example, Kerberos 5 host keytab or X.509 host certificate and private
key) be included in the contextualization iso of the
user at startup time.

It is of course possible to do this if these files are owned
and readable by the user, but we would like to set it up
so that these files are automatically added to all .iso
images, and do it if possible in such a way that they
are only readable by a system account such as root or oneadmin,
and not by the non-privileged user.  Can that be done?

Of course the user will get to see the keytab of his machine
once he logs into the machine, but we would then supply
a script to destroy the keytab on shutdown.

Any ideas on what to do here?

Currently we are using a pull script to pull them at boot time via
SSL-encrypted wget from a central repository, but that requires that there
be some certificate pre-loaded in the VM with which to encrypt the SSL.

Steve Timm


-- 
------------------------------------------------------------------
Steven C. Timm, Ph.D  (630) 840-8525
timm at fnal.gov  http://home.fnal.gov/~timm/
Fermilab Computing Division, Scientific Computing Facilities,
Grid Facilities Department, FermiGrid Services Group, Group Leader.
Lead of FermiCloud project.


