NFSv4 + Kerberos + users

Jan Sanders jsanders at TechFak.Uni-Bielefeld.DE
Wed Dec 5 05:29:07 EST 2007


Kevin Coffman wrote:
> My only guess is that there is another instance of rpc.gssd running
> w/o the "-n" option?
>   
May have been the case. Anyway, after reboot it worked.

TNX

Jan Sanders

> On Dec 4, 2007 7:51 AM, Jan Sanders <jsanders at techfak.uni-bielefeld.de> wrote:
>   
>> Hello,
>>
>> I have tried to use the -n option of rpc.gssd.
>>
>> I use Debian/lenny, which comes shipped with nfs-utils 1.1
>>
>> I started rpc.gssd manually using
>> rpc.gssd -vvvv -rrrr -n
>>
>> The manpage says about the rpc.gssd -n option:
>> "By default, rpc.gssd treats accesses by the user with UID 0 specially,
>> and uses "machine credentials" for all accesses by that user  which
>> require  Kerberos authentication.  With the -n option, "machine
>> credentials" will not be used for accesses by UID 0.  Instead,
>> credentials must be obtained manually like all other users.  Use of this
>> option means that "root" must manually  obtain  Kerberos  credentials
>> before attempting to mount an nfs filesystem requiring Kerberos
>> authentication."
>>
>> I have done so. As root I used
>> kinit -p joeuser/nfstestuser at TECHFAK.UNI-BIELEFELD.DE
>>
>> klist output:
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: joeuser/nfstestuser at TECHFAK.UNI-BIELEFELD.DE
>>
>>
>> When I now try to mount a dir using nfs4 -o sec=krb5 I can see by
>> observing the packets that
>> nfs/nfs2.nette.techfak.uni-bielefeld.de at TECHFAK.UNI-BIELEFELD.DE is
>> used. /var/log/syslog is consistent with this observation.
>> When I move the /etc/krb5.keytab away I get a permission denied.
>>
>> Am I missing something? How can I get rpc.gssd to actually use other
>> than machine credentials? How can I specify which to use?
>>
>>
>> TIA
>>
>> Jan Sanders
>>



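The guess in this thread, a second rpc.gssd instance running without "-n", can be checked from the process list. The script below is an added example, not part of the original messages or of nfs-utils; the function names, the constructed sample process lines and the list of option letters assumed to take an argument are assumptions to adjust for your version.

```shell
#!/bin/sh
# Added example. Input: one line per process, "PID COMMAND ARGS...", e.g. from
#   ps -C rpc.gssd -o pid= -o args=
# Output: PIDs of rpc.gssd instances that were started without -n.

# Option letters assumed to take an argument (check rpc.gssd(8) for your version).
ARG_OPTS="kpdtR"

# has_n ARGS... : return 0 if -n is among the options, alone or clustered (-fn).
has_n() {
    while [ $# -gt 0 ]; do
        tok=$1; shift
        case $tok in
            --) return 1 ;;
            -?*) flags=${tok#-} ;;
            *) continue ;;
        esac
        while [ -n "$flags" ]; do
            rest=${flags#?}
            c=${flags%"$rest"}      # first character of the cluster
            flags=$rest
            [ "$c" = n ] && return 0
            case $ARG_OPTS in
                *"$c"*)
                    # Option takes an argument: rest of this token, or the next token.
                    [ -z "$flags" ] && [ $# -gt 0 ] && shift
                    break ;;
            esac
        done
    done
    return 1
}

# gssd_without_n : read process lines on stdin, print PIDs lacking -n.
gssd_without_n() {
    while read -r pid cmd args; do
        case $cmd in
            rpc.gssd|*/rpc.gssd) ;;
            *) continue ;;
        esac
        # Word splitting of $args is intended here.
        has_n $args || echo "$pid"
    done
}

# Constructed sample: the manual start from the post plus a second instance.
SAMPLE='2101 /usr/sbin/rpc.gssd
2417 rpc.gssd -vvvv -rrrr -n'
```

Any PID printed by `gssd_without_n` belongs to an instance that still uses machine credentials for UID 0, as the quoted man page text describes.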