Credential weirdness

Kevin Coffman kwc at citi.umich.edu
Mon Oct 15 10:11:29 EDT 2007


On 10/13/07, Roberto C. Sánchez <roberto at connexer.com> wrote:
> Hello,
>
> I have encountered some weirdness with machine credentials (I think).
> Maybe someone can explain what is happening.
>
> Here is my configuration:
>
>  server1: exports user home directories via NFS using gss/krb5p
>  server2: is the KDC and mounts the home directories as a client
>  server3: just mounts the user home directories as a client
>
> Now, if server1 or server3 reboots, there is no problem.  However, if
> server2 reboots, I must run kadmin on server1, remove the nfs/server1
> key from the local keytab and add it back in.  Then I must restart the
> NFS service.  After that server2 and server3 can again mount the home
> directories.
>
> Why is this?  Is it because server2 is the KDC?  But why would server2's
> reboot necessitate regenerating the nfs/server1 key on server1?
>
> Regards,
>
> -Roberto

Hello Roberto,
This sounds very strange.  server2 is not storing the Kerberos
database in NFS, is it?

I'm assuming these are all Linux machines.  If so, contact me off-list
with exact error messages that you encounter after rebooting server2.

K.C.
