Credential weirdness
Kevin Coffman
kwc at citi.umich.edu
Mon Oct 15 10:11:29 EDT 2007
On 10/13/07, Roberto C. Sánchez <roberto at connexer.com> wrote:
> Hello,
>
> I have encountered some weirdness with machine credentials (I think).
> Maybe someone can explain what is happening.
>
> Here is my configuration:
>
> server1: exports user home directories via NFS using gss/krb5p
> server2: is the KDC and mounts the home directories as a client
> server3: just mounts the user home directories as a client
>
> Now, if server1 or server3 reboots, there is no problem. However, if
> server2 reboots, I must run kadmin on server1, remove the nfs/server1
> key from the local keytab and add it back in. Then I must restart the
> NFS service. After that server2 and server3 can again mount the home
> directories.
>
> Why is this? Is it because server2 is the KDC? But why would server2's
> reboot necessitate regenerating the nfs/server1 key on server1?
>
> Regards,
>
> -Roberto
Hello Roberto,
This sounds very strange. server2 is not storing the Kerberos
database in NFS, is it?
I'm assuming these are all Linux machines. If so, contact me off-list
with exact error messages that you encounter after rebooting server2.
K.C.