NFSv4 + Kerberos + users

Kevin Coffman kwc at citi.umich.edu
Tue Dec 4 11:30:30 EST 2007


My only guess is that there is another instance of rpc.gssd running
w/o the "-n" option?

On Dec 4, 2007 7:51 AM, Jan Sanders <jsanders at techfak.uni-bielefeld.de> wrote:
> Hello,
>
> I have tried to use the -n option of rpc.gssd.
>
> I use Debian/lenny, which comes shipped with nfs-utils 1.1
>
> I started rpc.gssd manually using
> rpc.gssd -vvvv -rrrr -n
>
> The manpage says about the rpc.gssd -n option:
> "By default, rpc.gssd treats accesses by the user with UID 0 specially,
> and uses "machine credentials" for all accesses by that user which
> require Kerberos authentication. With the -n option, "machine
> credentials" will not be used for accesses by UID 0. Instead,
> credentials must be obtained manually like all other users. Use of this
> option means that "root" must manually obtain Kerberos credentials
> before attempting to mount an nfs filesystem requiring Kerberos
> authentication."
>
> I have done so. As root I used
> kinit -p joeuser/nfstestuser@TECHFAK.UNI-BIELEFELD.DE
>
> klist output:
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: joeuser/nfstestuser@TECHFAK.UNI-BIELEFELD.DE
>
>
> When I now try to mount a dir using nfs4 -o sec=krb5 I can see by
> observing the packets that
> nfs/nfs2.nette.techfak.uni-bielefeld.de@TECHFAK.UNI-BIELEFELD.DE is
> used. /var/log/syslog is consistent with this observation.
> When I move the /etc/krb5.keytab away I get a permission denied.
>
> Am I missing something? How can I get rpc.gssd to actually use other
> than machine credentials? How can I specify which to use?
>
>
> TIA
>
> Jan Sanders
>
> _______________________________________________
> NFSv4 mailing list
> NFSv4 at linux-nfs.org
> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
>
>
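
Added example (not part of the original thread and not nfs-utils code): a shell check for the condition suggested in the reply above, listing running rpc.gssd processes whose command line lacks -n. The function names, the sample ps lines and the set of value-taking options (-k, -p, -d, as in the rpc.gssd synopsis) are assumptions.

```shell
#!/bin/sh
# Constructed sample of `ps -eo pid=,args=` output (not from the thread).
SAMPLE_PS='  812 /usr/sbin/rpc.gssd
 4711 rpc.gssd -vvvv -rrrr -n
 4800 /usr/sbin/rpc.gssd -vvv -k /etc/nfs-n.keytab
 4900 /usr/sbin/rpc.gssd -fvn
  950 /usr/sbin/rpc.svcgssd -n'

# Options that take a value (assumption, from the rpc.gssd synopsis).
GSSD_ARG_OPTS="kpd"

# has_n_flag ARGS...: succeeds if -n is set, alone or clustered (-fvn).
has_n_flag() {
    while [ $# -gt 0 ]; do
        word=$1; shift
        case $word in
            --) return 1 ;;
            -?*) cluster=${word#-} ;;
            *) continue ;;
        esac
        while [ -n "$cluster" ]; do
            rest=${cluster#?}
            c=${cluster%"$rest"}      # first character of the cluster
            cluster=$rest
            [ "$c" = n ] && return 0
            case $GSSD_ARG_OPTS in
                *"$c"*)
                    # Value is the rest of the cluster or the next word; skip it.
                    [ -z "$cluster" ] && [ $# -gt 0 ] && shift
                    break ;;
            esac
        done
    done
    return 1
}

# gssd_without_n: reads "PID ARGS..." lines on stdin and prints the PID of
# every rpc.gssd process that was started without -n.
gssd_without_n() {
    while read -r pid cmd args; do
        [ "${cmd##*/}" = rpc.gssd ] || continue
        set -f                         # no globbing while splitting $args
        has_n_flag $args || echo "$pid"
        set +f
    done
}

# Live use: ps -eo pid=,args= | gssd_without_n
```

Any PID printed is an rpc.gssd instance that still uses machine credentials for UID 0.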

