rpc.gssd
Kevin Coffman
kwc at umich.edu
Mon Jun 30 11:17:55 EDT 2008
2008/6/30 Lukas Hejtmanek <xhejtman at ics.muni.cz>:
> On Mon, Jun 30, 2008 at 11:08:30AM -0400, Kevin Coffman wrote:
>> > root/<hostname>@<REALM>
>> > nfs/<hostname>@<REALM>
>> > host/<hostname>@<REALM>
>> > root/<anyname>@<REALM>
>> > nfs/<anyname>@<REALM>
>> > host/<anyname>@<REALM>
> =========
>
>
>> >
>> >
>> > I have:
>> > ktutil: rkt /etc/krb5.keytab
>> > ktutil: list
>> > slot KVNO Principal
>> > ---- ----
>> > ---------------------------------------------------------------------
>> > 1 1 nfs/xhejtman at META
>> > 2 1 nfs/xhejtman at META
>> > 3 1 nfs/xhejtman at META
>> > 4 1 nfs/xhejtman at META
>> >
>> > But rpc.gssd compains about none suitable entery in the keytab. Should it
>> > work?
>>
>> rpc.gssd should be looking for the fully-qualified hostname, which is
>> what should be in the keytab entry. What encryption types are these
>> keys? (Only des-cbc-crc is currently supported.)
>
> the point is that according to the man, the rpc.gssd should be looking for
> {root,nfs,host}/fqdn at realm and if not found, it should be looking for
> {root,nfs,host}/anyname as stated in the man page and as nfs-utils 1.1.1 do.
>
> However, it seems that nfs-utils 1.1.2 do not honour the man page and look
> only for {root,nfs,host}/fqdn at realm, do not look for /anyname any more.
>
> So my question is, is this a bug or a feature?
If that is correct, it is a bug.
More information about the NFSv4
mailing list