problems with sec=krb5
Rohit Kumar Mehta
rohitm at engr.uconn.edu
Wed Mar 28 11:03:46 EDT 2007
I just noticed that it is not showing my NFS client's service principal
nfs/cselin12.engr.uconn.edu@AD.ENGR.UCONN.EDU. Could that be related
to the problem?
I did create it in AD and add it to the /etc/krb5.keytab.
root@cselin12:/tmp# ktutil
ktutil: rkt /etc/krb5.keytab
ktutil: list
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    7 host/cselin12.engr.uconn.edu@AD.ENGR.UCONN.EDU
   2    9 nfs/cselin12.engr.uconn.edu@AD.ENGR.UCONN.EDU
ktutil:
Also the krb5.conf looks like the following:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = AD.ENGR.UCONN.EDU
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com:88
admin_server = kerberos.example.com:749
default_domain = example.com
}
AD.ENGR.UCONN.EDU = {
# kdc = 137.99.15.76:88
# admin_server = 137.99.15.76:749
kdc = 137.99.15.62:88
admin_server = 137.99.15.62:749
}
[domain_realm]
.ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
.engr.uconn.edu = AD.ENGR.UCONN.EDU
engr.uconn.edu = AD.ENGR.UCONN.EDU
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Rohit Kumar Mehta wrote:
> root@cselin12:/tmp# klist -c
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: rohitm@AD.ENGR.UCONN.EDU
>
> Valid starting     Expires            Service principal
> 03/27/07 12:56:39  03/27/07 22:59:12  krbtgt/AD.ENGR.UCONN.EDU@AD.ENGR.UCONN.EDU
>         renew until 03/28/07 12:56:39
> 03/27/07 12:59:13  03/27/07 22:59:12  host/cselin12.engr.uconn.edu@AD.ENGR.UCONN.EDU
>         renew until 03/28/07 12:56:39
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached