rpc.svcgssd -- No principal in keytab...

Fernandez, Nestor nestor_fernandez at hp.com
Thu Sep 21 14:09:32 EDT 2006 

Kevin,
We met at the bakeathon last week. While at the NFSv4 bakeathon, we ran
into a problem w/ our HP-UX client and a Linux server.  I'm trying to
set up a LInux box as an NFSv4 server over here and am running into
problems.  I have a kerberos server already running.  Searching Google
showed others have run into the problem so I was hoping I could get some
help.
 
I have installed RH EL, my kernel is vmlinuz-2.6.9-11.EL.  Whey I try
running 
 
rpc.svcgssd -f -vvv 
 
I get:
 
WARNING: unable to locate function krb5_gss_internal_release_oid in krb5
mechanism library: there will be problems if multiple mechanisms are
used!
ERROR: GSS-API: error in gss_acquire_cred(): Miscellaneous failure - No
principal in keytab matches desired name
unable to obtain root (machine) credentials
do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in
/etc/krb5.keytab?
[root at nf73415a ~]# rpc.svcgssd -f -vvv
WARNING: unable to locate function krb5_gss_internal_release_oid in krb5
mechanism library: there will be problems if multiple mechanisms are
used!
ERROR: GSS-API: error in gss_acquire_cred(): Miscellaneous failure - No
principal in keytab matches desired name
unable to obtain root (machine) credentials
do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in
/etc/krb5.keytab?
 
A message from Bruce says that the Warning can be ignored however the
ERROR is a bit more sever.  I think I have things (mostly :) ) set up
correctly.  If I do a klist -k, I see my nfs ticket:
 
KVNO Principal
----
------------------------------------------------------------------------
--
   1 nfs/nf73415a.americas.hpqcorp.net at HPNFS043.CUP.HP.COM
   1 root/nf73415a.americas.hpqcorp.net at HPNFS043.CUP.HP.COM

The one wrinkle here is that the kdc machine in the cup.hp.com domain
whereas my NFSv4 server (and client) are in americas.hpqcorp.net domain.
I modified the kdc.realm file on the kdc machine to allow both domains.
 
Any help or pointers woudl be greatly appreciated.
Nestor
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://linux-nfs.org/pipermail/nfsv4/attachments/20060921/f6de3b3e/attachment.htm

More information about the NFSv4 mailing list