NFSv4 seems to work, but share is empty

Norman Elton normelton at gmail.com
Tue Dec 4 11:03:30 EST 2007 

Bruce,

Thanks! Things seem to be working. It looks like root can mount the  
share, and kerberized users can access the directory.

Interestingly, even if I "kdestroy" my ticket, I can still read/write  
files from the share. How is this possible? Does NFSv4 somehow cache  
my identity? Am I misunderstanding something?

Thanks again for your help,

Norman


On Dec 4, 2007, at 9:58 AM, J. Bruce Fields wrote:

> On Tue, Dec 04, 2007 at 09:03:31AM -0500, Norman Elton wrote:
>> I've got NFSv4 all setup with Kerberos. Things seem to work fine. I
>> can mount a share as root, but when I do an "ls" on it, it shows up  
>> as
>> an empty directory.
>>
>> Am I missing something?
>>
>> Here's my configuration:
>>
>> ======= /etc/exports on the server:
>> /exports/local	gss/
>> krb5 
>> (rw,wdelay,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
>> /exports      	gss/
>> krb5
>> (ro
>> ,wdelay 
>> ,root_squash,no_subtree_check,fsid=0,anonuid=65534,anongid=65534)
>
> You probably just need to add the "crossmnt" option on /exports, to  
> tell
> it to allow the client to cross the mountpoint to /exports/local.
>
> --b.
>
>>
>> ======= keytab on the server:
>>    2 host/server.fqdn at REALM (Triple DES cbc mode with HMAC/sha1)
>>    2 host/server.fqdn at REALM (ArcFour with HMAC/md5)
>>    2 host/server.fqdn at REALM (DES with HMAC/sha1)
>>    2 host/server.fqdn at REALM (DES cbc mode with RSA-MD5)
>>    5 nfs/server.fqdn at REALM (DES cbc mode with CRC-32)
>>
>> ======= keytab on the client:
>>    3 host/client.fqdn at REALM (Triple DES cbc mode with HMAC/sha1)
>>    3 host/client.fqdn at REALM (ArcFour with HMAC/md5)
>>    3 host/client.fqdn at REALM (DES with HMAC/sha1)
>>    3 host/client.fqdn at REALM (DES cbc mode with RSA-MD5)
>>    3 root/client.fqdn at REALM (Triple DES cbc mode with HMAC/sha1)
>>    3 root/client.fqdn at REALM (ArcFour with HMAC/md5)
>>    3 root/client.fqdn at REALM (DES with HMAC/sha1)
>>    3 root/client.fqdn at REALM (DES cbc mode with RSA-MD5)
>>    5 nfs/client.fqdn at REALM (DES cbc mode with CRC-32)
>>    6 nfs/client.fqdn at REALM (DES cbc mode with CRC-32)
>>
>> ======= mount command
>> mount -t nfs4 -osec=krb5 server:/local /imports/
>>
>> Thanks for any advice!
>>
>> Norman Elton
>> _______________________________________________
>> NFSv4 mailing list
>> NFSv4 at linux-nfs.org
>> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4

More information about the NFSv4 mailing list