rpc.gssd
Lukas Hejtmanek
xhejtman at ics.muni.cz
Mon Jun 30 11:12:19 EDT 2008
On Mon, Jun 30, 2008 at 11:08:30AM -0400, Kevin Coffman wrote:
> > root/<hostname>@<REALM>
> > nfs/<hostname>@<REALM>
> > host/<hostname>@<REALM>
> > root/<anyname>@<REALM>
> > nfs/<anyname>@<REALM>
> > host/<anyname>@<REALM>
=========
> >
> >
> > I have:
> > ktutil: rkt /etc/krb5.keytab
> > ktutil: list
> > slot KVNO Principal
> > ---- ----
> > ---------------------------------------------------------------------
> > 1 1 nfs/xhejtman at META
> > 2 1 nfs/xhejtman at META
> > 3 1 nfs/xhejtman at META
> > 4 1 nfs/xhejtman at META
> >
> > But rpc.gssd compains about none suitable entery in the keytab. Should it
> > work?
>
> rpc.gssd should be looking for the fully-qualified hostname, which is
> what should be in the keytab entry. What encryption types are these
> keys? (Only des-cbc-crc is currently supported.)
the point is that according to the man, the rpc.gssd should be looking for
{root,nfs,host}/fqdn at realm and if not found, it should be looking for
{root,nfs,host}/anyname as stated in the man page and as nfs-utils 1.1.1 do.
However, it seems that nfs-utils 1.1.2 do not honour the man page and look
only for {root,nfs,host}/fqdn at realm, do not look for /anyname any more.
So my question is, is this a bug or a feature?
--
Lukáš Hejtmánek
More information about the NFSv4
mailing list