NFS4 with gss/krb5i not working with automount and forwarded tickets via sshd
Evan Woolley
evan at woolleyfamily.com
Fri Sep 21 12:46:50 EDT 2007
On Fri, 2007-09-21 at 08:43 -0400, Kevin Coffman wrote:
> OK, I'm still not seeing the problem. Could you enable the
> librpcsecgss debugging within rpc.gssd (using "-rrrrr")? That should
> print the name it is trying to authenticate to, and might give a clue
> what realm it thinks that the server is in.
>
> K.C.
I don't know if that reviled any more information. Sorry for the length
of the logs. I realized I was not included the first portion of the
failed attempts.
[root at testclient ~]# ps -ef | grep gssd
root 1720 1 0 12:22 ? 00:00:02 rpc.gssd -vvv
-rrrrr
root 2251 2023 0 12:30 pts/0 00:00:00 grep gssd
Failed attempt using forwarded GSSAPI ticket:
Using username "Testuser".
Using GSSAPI service principal name
"host/testclient.example.com".
Last login: Fri Sep 21 12:20:25 2007 from
utewoolley3.example.com
Could not chdir to home directory /home/ITTeam/Testuser:
Permission denied
-bash: /home/ITTeam/Testuser/.bash_profile: Permission denied
-bash-3.1$ cd /tmp
-bash-3.1$ ll
total 8
-rw------- 1 Testuser IT 1213 Sep 21 12:23
krb5cc_10001_ejTUlz2063
-bash-3.1$ klist -ef
Ticket cache: FILE:/tmp/krb5cc_10001_ejTUlz2063
Default principal: Testuser at EXAMPLE.COM
Valid starting Expires Service principal
09/21/07 11:21:57 09/21/07 21:21:43
krbtgt/EXAMPLE.COM at EXAMPLE.COM
renew until 09/28/07 11:21:43, Flags: FfRA
Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with
HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt10001
klist: You have no tickets cached
-bash-3.1$
Sep 21 12:23:36 testclient kernel: audit(1190391816.606:7): avc:
denied {
read } for pid=2065 comm="automount" name="auto.ITTeam"
dev=dm-0 ino=813322
scontext=system_u:system_r:automount_t:s0
tcontext=root:object_r:tmp_t:s0
tclass=file
Sep 21 12:23:37 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: Using keytab file
'/etc/krb5.keytab'
Sep 21 12:23:37 testclient rpc.gssd[1720]: INFO: Credentials in
CC
'MEMORY:/tmp/krb5cc_machine_EXAMPLE.COM' are good until
1190427629
Sep 21 12:23:37 testclient rpc.gssd[1720]: using
MEMORY:/tmp/krb5cc_machine_EXAMPLE.COM as credentials cache for
machine
creds
Sep 21 12:23:37 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache MEMORY:/tmp/krb5cc_machine_EXAMPLE.COM
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context
using fsuid 0
(save_uid 0)
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: DEBUG:
serialize_krb5_ctx: lucid
version!
Sep 21 12:23:37 testclient rpc.gssd[1720]:
prepare_krb5_rfc1964_buffer:
serializing keys with enctype 4 and length 8
Sep 21 12:23:37 testclient rpc.gssd[1720]: doing downcall
Sep 21 12:23:37 testclient kernel: SELinux: initialized (dev
0:18, type
nfs4), uses genfs_contexts
Sep 21 12:23:37 testclient kernel: audit(1190391817.740:8): avc:
denied {
getattr } for pid=1900 comm="hald" name="auto.ITTeam" dev=dm-0
ino=813322
scontext=system_u:system_r:hald_t:s0
tcontext=root:object_r:tmp_t:s0
tclass=file
Sep 21 12:23:37 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:37 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:37 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:37 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:37 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:37 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:37 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:37 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:37 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:37 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:37 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:38 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:38 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:38 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:38 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:38 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid
10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: using environment
variable to
select krb5 ccache FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context
using fsuid
10001 (save_uid 0)
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating tcp client
for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more
information -
(minor) Cannot find ticket for requested realm
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063' being considered
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:38 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: using environment
variable to select krb5 ccache
FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context
using fsuid 10001 (save_uid 0)
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating tcp client
for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context with
server nfs at itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context: (major) Unspecified GSS failure. Minor
code may provide more information - (minor) Cannot find ticket
for requested realm
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5 context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5 context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: getting credentials
for clientwith uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063' being considered
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063' matches name check and has mtime of
1190391816
Sep 21 12:23:38 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: using environment
variable to select krb5 ccache
FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context
using fsuid 10001 (save_uid 0)
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating tcp client
for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context with
server nfs at itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context: (major) Unspecified GSS failure. Minor
code may provide more information - (minor) Cannot find ticket
for requested realm
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5 context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5 context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: getting credentials
for client with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063' being considered
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063' matches name check and has mtime of
1190391816
Sep 21 12:23:38 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: using environment
variable to select krb5 ccache
FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context
using fsuid 10001 (save_uid 0)
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating tcp client
for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context with
server nfs at itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context: (major) Unspecified GSS failure. Minor
code may provide more information - (minor) Cannot find ticket
for requested realm
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5
context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:38 testclient rpc.gssd[1720]: getting credentials
for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
being considered Sep 21 12:23:38 testclient rpc.gssd[1720]: CC
file 'krb5cc_10001_ejTUlz2063' matches name check and has mtime
of 1190391816
Sep 21 12:23:38 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: using environment
variable to select krb5 ccache
FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context
using fsuid 10001 (save_uid 0)
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating tcp client
for server itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: creating context with
server nfs at itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context: (major) Unspecified GSS failure. Minor
code may provide more information - (minor) Cannot find ticket
for requested realm
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5 context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5 context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:38 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:51 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:51 testclient rpc.gssd[1720]: getting credentials
for client with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063' being considered
Sep 21 12:23:51 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063' matches name check and has mtime of
1190391816
Sep 21 12:23:51 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: using environment
variable to select krb5 ccache
FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:51 testclient rpc.gssd[1720]: creating context
using fsuid 10001 (save_uid 0)
Sep 21 12:23:51 testclient rpc.gssd[1720]: creating tcp client
for server itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: creating context with
server nfs at itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context: (major) Unspecified GSS failure. Minor
code may provide more information - (minor) Cannot find ticket
for requested realm
Sep 21 12:23:51 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5 context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5 context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: doing error downcall
Sep 21 12:23:51 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:23:51 testclient rpc.gssd[1720]: getting credentials
for client with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063' being considered
Sep 21 12:23:51 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_ejTUlz2063'
matches name check and has mtime of 1190391816
Sep 21 12:23:51 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_ejTUlz2063 as credentials cache for
client with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: using environment
variable to select krb5 ccache
FILE:/tmp/krb5cc_10001_ejTUlz2063
Sep 21 12:23:51 testclient rpc.gssd[1720]: creating context
using fsuid 10001 (save_uid 0)
Sep 21 12:23:51 testclient rpc.gssd[1720]: creating tcp client
for server itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: creating context with
server nfs at itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: rpcsec_gss:
gss_init_sec_context: (major) Unspecified GSS failure. Minor
code may provide more information - (minor) Cannot find ticket
for requested realm
Sep 21 12:23:51 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5 context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: WARNING: Failed to
create krb5 context for user with uid 10001 for server
itteam-nfs1.example.com
Sep 21 12:23:51 testclient rpc.gssd[1720]: doing error downcall
Successful attempt with locally requested ticket.
login as: Testuser
Testuser at 10.10.0.209's password:
Last login: Fri Sep 21 12:23:37 2007 from
utewoolley3.example.com
[Testuser at testclient ~]$ cd /tmp
[Testuser at testclient tmp]$ ll
total 8
-rw------- 1 Testuser IT 2505 Sep 21 12:25 krb5cc_10001_OrTJ39
[Testuser at testclient tmp]$ klist -ef
Ticket cache: FILE:/tmp/krb5cc_10001_OrTJ39
Default principal: Testuser at EXAMPLE.COM
Valid starting Expires Service principal
09/21/07 12:25:52 09/21/07 22:23:35
krbtgt/EXAMPLE.COM at EXAMPLE.COM
renew until 09/21/07 22:25:52, Flags: FRIA
Etype (skey, tkt): DES cbc mode with RSA-MD5, ArcFour
with HMAC/md5
09/21/07 12:23:36 09/21/07 22:23:35
nfs/itteam-nfs1.example.com at EXAMPLE.COM
renew until 09/21/07 22:25:52, Flags: FRAO
Etype (skey, tkt): DES cbc mode with CRC-32, ArcFour
with HMAC/md5
Kerberos 4 ticket cache: /tmp/tkt10001
klist: You have no tickets cached
[Testuser at testclient tmp]$
Sep 21 12:25:53 testclient rpc.gssd[1720]: handling krb5 upcall
Sep 21 12:25:53 testclient rpc.gssd[1720]: getting credentials
for client with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:25:53 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_OrTJ39' being considered
Sep 21 12:25:53 testclient rpc.gssd[1720]: CC file
'krb5cc_10001_OrTJ39'
matches name check and has mtime of 1190391952
Sep 21 12:25:53 testclient rpc.gssd[1720]: using
FILE:/tmp/krb5cc_10001_OrTJ39 as credentials cache for client
with uid 10001 for server itteam-nfs1.example.com
Sep 21 12:25:53 testclient rpc.gssd[1720]: using environment
variable to select krb5 ccache FILE:/tmp/krb5cc_10001_OrTJ39
Sep 21 12:25:53 testclient rpc.gssd[1720]: creating context
using fsuid 10001 (save_uid 0)
Sep 21 12:25:53 testclient rpc.gssd[1720]: creating tcp client
for server itteam-nfs1.example.com
Sep 21 12:25:53 testclient rpc.gssd[1720]: creating context with
server
nfs at itteam-nfs1.example.com
Sep 21 12:25:56 testclient rpc.gssd[1720]: DEBUG:
serialize_krb5_ctx: lucid version!
Sep 21 12:25:56 testclient rpc.gssd[1720]:
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and
length 8
Sep 21 12:25:56 testclient rpc.gssd[1720]: doing downcall
Sep 21 12:25:57 testclient ntpd[1825]: synchronized to LOCAL(0),
stratum 5
Sep 21 12:25:57 testclient ntpd[1825]: kernel time sync enabled
0001
More information about the NFSv4
mailing list