help getting kerberized nfs4 mounts working
Trond Myklebust
trond.myklebust at fys.uio.no
Sat May 10 13:13:01 EDT 2008
On Sat, 2008-05-10 at 11:13 -0400, Rohit Kumar Mehta wrote:
> Thanks
>
> I feel pretty confident that kerberos is used in the v3 case. I have
> just removed all sec=sys export from the NFS server, and retested
> and I am able to mount successfully. The one krb5/nfs3 export is
> the only remote filesystem mount on the client. However trying
> to mount the same filesystem sec=krb5, fstype=nfs4 still fails.
>
> I'll poke around in wireshark a little...
>
> Rohit
It isn't using kerberos when _mounting_ the NFSv3 filesystem. That's why
you can get away with broken machine creds. If you look at the tcpdump
trace you'll see that all the operations that go on the wire when
mounting are in auth_sys format.
As for your cross-realm issue: the rpc.gssd daemon is telling you that
it is looking for a cred in the AD.ENGR.UCONN.EDU realm, presumably
because your krb5.conf file is telling it that is the domain to which
filesm.ad.engr.uconn.edu belongs.
Try adding the lines
.ad.engr.uconn.edu = ENGR.UCONN.EDU
ad.engr.uconn.edu = ENGR.UCONN.EDU
to the [domain_realm] section (and wipe out any existing entries for
ad.engr.uconn.edu there).
Cheers
Trond
More information about the NFSv4
mailing list