rpc.gssd
Kevin Coffman
kwc at umich.edu
Mon Jun 30 11:08:30 EDT 2008
On Mon, Jun 30, 2008 at 10:49 AM, Lukas Hejtmanek <xhejtman at ics.muni.cz> wrote:
> Hello,
>
> does rpc.gssd version 1.1.2 stil honours the man page regarding keytab?
>
> -k keytab
> Tells rpc.gssd to use the keys found in keytab to obtain
> "machine credentials". The default value is "/etc/krb5.keytab".
>
> Previous versions of rpc.gssd used only "nfs/*" keys found
> within the keytab. To be more consistent with other implementa‐
> tions, we now look for specific keytab entries. The search
> order for keytabs to be used for "machine credentials" is now:
> root/<hostname>@<REALM>
> nfs/<hostname>@<REALM>
> host/<hostname>@<REALM>
> root/<anyname>@<REALM>
> nfs/<anyname>@<REALM>
> host/<anyname>@<REALM>
>
>
> I have:
> ktutil: rkt /etc/krb5.keytab
> ktutil: list
> slot KVNO Principal
> ---- ----
> ---------------------------------------------------------------------
> 1 1 nfs/xhejtman at META
> 2 1 nfs/xhejtman at META
> 3 1 nfs/xhejtman at META
> 4 1 nfs/xhejtman at META
>
> But rpc.gssd compains about none suitable entery in the keytab. Should it
> work?
rpc.gssd should be looking for the fully-qualified hostname, which is
what should be in the keytab entry. What encryption types are these
keys? (Only des-cbc-crc is currently supported.)
More information about the NFSv4
mailing list