Kerberized NFSv4 problems
Erich Weiler
weiler at soe.ucsc.edu
Mon Jun 19 14:56:46 EDT 2006
> Hmm... krb5cc_0 would seem to be root's Kerberos cache. Is NFS just
> being explicitly denied for root? Or is root otehrwise treated
> differently than normal user accounts? (I use OpenAFS myself, so I
> don't really know how this NFSv4 stuff works.)
NFS shouldn't be denied for root as far as I know... At least I hope
not, because when a user SSH'es in for example, the automounter (root
process) has got to be able to mount an NFSv4 home directory for that
user. Or maybe the automounter mounts it AS that user after a kerberos
ticket has been issued.... Not sure.
> Do you have some other kerberized services that you can test with? SSH
> perhaps? (The sshd on Solaris should support Kerberos out of the box.)
> It would help to see if this is a problem with Kerberos or a problem
> with NFS.
I can SSH in and SSH talks to PAM (pam_krb5.so.1 specifically) and I get
a ticket when SSH logs me in, so that looks cool.
As Kevin suggested, I tried checking KVNO version numbers on the nfs
principal and the keytab and the version numbers differ, maybe that is
the problem... I feel like I'm close by just one step away... :)
More information about the Kerberos
mailing list