kerberized NFS on OS X (gssd problem)

Richard E. Silverman res at qoxp.net
Sun Feb 10 00:13:02 EST 2008


>>>>> "JC" == John Caruso <johnSPAMcarAWAYuso at myprivacy.ca> writes:

    JC> On 2008-02-08, John Caruso <johnSPAMcarAWAYuso at myprivacy.ca> wrote:
    >> On 2008-02-08, Richard E. Silverman <res at qoxp.net> wrote:
>> I have found that kerberized NFSv3 does work, though.
    >> 
    >> That's the route I went as well.  And it not only works, but it
    >> works with just the behaviors I was looking for (files are created
    >> with the Kerberos principal rather than uid 501, they're assigned
    >> the same gid as the directory in which they're created, and
    >> mounting the filesystem requires only a user principal rather than
    >> full-blown host/nfs keys).

    JC> However, I have found that the Mac client generates warnings like
    JC> the following on the Netapp filer while it has the NFSv3/Kerberos
    JC> 5 mount in place, even if I'm not actively using the mount (and/or
    JC> the machine):

    JC>    Fri Feb 8 15:20:24 PST [nfsd.auth.status.bad:warning]: Client
    JC> a.b.c.d has an authentication error 14

    JC> They generally occur about 30 minutes apart, so perhaps there's
    JC> some process kicking off under OS X that's causing them.  Are you
    JC> seeing these as well (or analogous errors if you're not using a
    JC> Netapp filer as the NFS server)?

I'm afraid not -- although we have kerberized NFS running on NetApp, I'm
only working with Solaris NFS servers for this, and have seen nothing
similar.

    JC> - John

-- 
  Richard Silverman
  res at qoxp.net




More information about the Kerberos mailing list