gssd fails to limit encryption types - config problem?

[Kevin Coffman]

I've mostly seen this on machines with more than one Kerberos
installation.  The kinit uses one version of Kerberos and gssd is
using another.  Is this a possiblility on the machines that are
failing?

Also make sure that /etc/gssapi-mech.conf has the right gssapi_krb5
library listed.

On 8/31/06, Frank Victor Fischer <fischer at td.mw.tum.de> wrote:
> Hi there,
>
> I'm running an NFS4 installation with sec=krb5 for the mounts. On a
> number of machines it works flawlessly, others display this problem when
> trying to mount upon login (via tty or via a displaymanager):
>
> Aug 31 11:08:12 pcduesentrieb rpc.gssd[3338]: handling krb5 upcall
> Aug 31 11:08:12 pcduesentrieb rpc.gssd[3338]: WARNING: error from
> gss_acquire_cred for user with uid 1090 (Success)
> Aug 31 11:08:12 pcduesentrieb rpc.gssd[3338]: WARNING: Failed while limiting
> krb5 encryption types for user with uid 1090
> Aug 31 11:08:12 pcduesentrieb rpc.gssd[3338]: WARNING: Failed to create krb5
> context for user with uid 1090 for server andromeda.td.mw.tum.de
> Aug 31 11:08:12 pcduesentrieb rpc.gssd[3338]: doing error downcall
>
>
> However, when one logs into the machine in question as root then does and "su user_with_uid_1090" and then kinits the user, it works. Any further "direct" logins with displaymanager or tty will work as well. This problem MIGHT reappear on reboot or it might not. There is no dependence on the credentials cache either (tried to run /tmp as tmpfs, same non-predictable behaviour).
>
> Clients are SUSE 10.1 with nfs-utils 1.0.7
> only encryption type for nfs/host.domain is des-cbc-crc:normal
>
> Anything more I can do to debug the problem?
>
> Victor
>
>
> _______________________________________________
> NFSv4 mailing list
> NFSv4 at linux-nfs.org
> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
>
>