NFSv4 seems to work, but share is empty

Kevin Coffman kwc at citi.umich.edu
Tue Dec 4 11:19:48 EST 2007 

See FAQ #6 at http://www.citi.umich.edu/projects/nfsv4/linux/faq/#kerberos

On Dec 4, 2007 11:03 AM, Norman Elton <normelton at gmail.com> wrote:
> Bruce,
>
> Thanks! Things seem to be working. It looks like root can mount the
> share, and kerberized users can access the directory.
>
> Interestingly, even if I "kdestroy" my ticket, I can still read/write
> files from the share. How is this possible? Does NFSv4 somehow cache
> my identity? Am I misunderstanding something?
>
> Thanks again for your help,
>
> Norman
>
>
>
> On Dec 4, 2007, at 9:58 AM, J. Bruce Fields wrote:
>
> > On Tue, Dec 04, 2007 at 09:03:31AM -0500, Norman Elton wrote:
> >> I've got NFSv4 all setup with Kerberos. Things seem to work fine. I
> >> can mount a share as root, but when I do an "ls" on it, it shows up
> >> as
> >> an empty directory.
> >>
> >> Am I missing something?
> >>
> >> Here's my configuration:
> >>
> >> ======= /etc/exports on the server:
> >> /exports/local       gss/
> >> krb5
> >> (rw,wdelay,root_squash,no_subtree_check,anonuid=65534,anongid=65534)
> >> /exports             gss/
> >> krb5
> >> (ro
> >> ,wdelay
> >> ,root_squash,no_subtree_check,fsid=0,anonuid=65534,anongid=65534)
> >
> > You probably just need to add the "crossmnt" option on /exports, to
> > tell
> > it to allow the client to cross the mountpoint to /exports/local.
> >
> > --b.
> >
> >>
> >> ======= keytab on the server:
> >>    2 host/server.fqdn at REALM (Triple DES cbc mode with HMAC/sha1)
> >>    2 host/server.fqdn at REALM (ArcFour with HMAC/md5)
> >>    2 host/server.fqdn at REALM (DES with HMAC/sha1)
> >>    2 host/server.fqdn at REALM (DES cbc mode with RSA-MD5)
> >>    5 nfs/server.fqdn at REALM (DES cbc mode with CRC-32)
> >>
> >> ======= keytab on the client:
> >>    3 host/client.fqdn at REALM (Triple DES cbc mode with HMAC/sha1)
> >>    3 host/client.fqdn at REALM (ArcFour with HMAC/md5)
> >>    3 host/client.fqdn at REALM (DES with HMAC/sha1)
> >>    3 host/client.fqdn at REALM (DES cbc mode with RSA-MD5)
> >>    3 root/client.fqdn at REALM (Triple DES cbc mode with HMAC/sha1)
> >>    3 root/client.fqdn at REALM (ArcFour with HMAC/md5)
> >>    3 root/client.fqdn at REALM (DES with HMAC/sha1)
> >>    3 root/client.fqdn at REALM (DES cbc mode with RSA-MD5)
> >>    5 nfs/client.fqdn at REALM (DES cbc mode with CRC-32)
> >>    6 nfs/client.fqdn at REALM (DES cbc mode with CRC-32)
> >>
> >> ======= mount command
> >> mount -t nfs4 -osec=krb5 server:/local /imports/
> >>
> >> Thanks for any advice!
> >>
> >> Norman Elton
> >> _______________________________________________
> >> NFSv4 mailing list
> >> NFSv4 at linux-nfs.org
> >> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
>
> _______________________________________________
> NFSv4 mailing list
> NFSv4 at linux-nfs.org
> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
>
>

More information about the NFSv4 mailing list