NFSv4 with sec=krb5 mounts not working under Solaris

Nicolas Williams Nicolas.Williams at sun.com
Fri May 26 13:30:44 EDT 2006


On Fri, May 26, 2006 at 07:38:52AM -0700, Erich Weiler wrote:
> I'll blow out my dev box and re-install using Sun's SEAM krb5 and see if 
> that helps.  I have a feeling it will.

Just so we're absolutely clear: you cannot just replace Solaris'
implementation of anything.  You can install alternatives "alongside"
(i.e., in different locations, such as /opt, /usr/local, etc...).

This probably applies to other OSes generally.

So, if there's some functionality in MIT krb5 that just have to have
that Solaris 10 doesn't have, then you could configure/build/install MIT
krb5 into, say, /usr/local (i.e., ./configure --prefix=/usr/local ...)
and then configure/build/install whatever applications needed MIT krb5
and be happy.

But really, you should understand why you want to do this at all. 

This isn't a very good reason, for example:

> We were using MIT krb5 because all of the other platforms on our network 
> (mostly different flavors of linux) were using MIT krb5, so I thought we 
> should use it on the Suns as well just for the sake of homogeneity. 

Solaris 10's krb5 support is very good, and it's integrated with the
Solaris cryptographic framework, and what not.

> Sun's version of LDAP had a very tough time reading our OpenLDAP server 
> so we had to build/use OpenLDAP on Solaris instead of the Solaris native 
> LDAP.  I thought a similar line of thinking would work for krb5.  It 
> looks like I thought wrong.  :)

Do you mean that Solaris 10's nss_ldap didn't work against your
directory?  Or something else?

If the former, did you replace nss_ldap, and what with?

We'd love to hear much more about this, though an OpenSolaris
mailing list, specifically the sparks-discuss list, would be a better
forum (we don't need to spam kerberos at mit.edu readers):

http://www.opensolaris.org/jive/forum.jspa?forumID=119
http://mail.opensolaris.org/mailman/listinfo/sparks-discuss

or the opensolaris-bugs list:

http://www.opensolaris.org/jive/forum.jspa?forumID=11
http://mail.opensolaris.org/mailman/listinfo/opensolaris-bugs


Nico
-- 



More information about the Kerberos mailing list