sudospawner tries to open nfs mounted home folder without kerberos ticket -> fails

[tobiasjj]

I'm succesfully using the jupyterhub-example with the extra classes KerberosPAMAuthenticator and KerberosSudoSpawner on a kerberized system with NFS automounted user folders. It works great!

However, initially trying to start a notebook in a web browser failed with a "pid" error. The reason is the following: The sudospawner tries to start the file /usr/local/bin/sudospawner-singleuser in a new subprocess owned by the user, who tries to start a notebook server (see file /usr/local/lib/python3.5/dist-packages/sudospawner/mediator.py line 104):

p = Popen(cmd, env=env,
      cwd=os.path.expanduser('~'),
      stdout=sys.stderr.fileno(),
) 

The parameter cwd=os.path.expanduser('~') tells the process to start in the user's home folder. This fails on a system, where the NFS home directories are mounted via a kerberized NFS. The unprivileged jupyterhub user, owning the sudospawner process, does not have the appropriate Kerberos ticket to mount/access the NFS share, and unfortunately, the credential cache for the user should be created not until later in the file /usr/local/bin/sudospawner-singleuser.

(Dirty) workaround, that works for me: Change the parameter cwd in the Popen call to point to the systems temp folder, and change into the user's home folder in the file /usr/local/bin/sudospawner-singleuser via a simple cd , after the credential cache has been created.

System infos: Debian Stretch kerberized NFSv4 with automounted user folders Python 3.5 jupyterhub (0.7.2) notebook (5.0.0) sudospawner (0.3.0)