kerberized NFS on OS X (gssd problem)
Richard E. Silverman
res at qoxp.net
Sun Feb 10 00:13:02 EST 2008
>>>>> "JC" == John Caruso <johnSPAMcarAWAYuso at myprivacy.ca> writes:
JC> On 2008-02-08, John Caruso <johnSPAMcarAWAYuso at myprivacy.ca> wrote:
>> On 2008-02-08, Richard E. Silverman <res at qoxp.net> wrote:
>> I have found that kerberized NFSv3 does work, though.
>>
>> That's the route I went as well. And it not only works, but it
>> works with just the behaviors I was looking for (files are created
>> with the Kerberos principal rather than uid 501, they're assigned
>> the same gid as the directory in which they're created, and
>> mounting the filesystem requires only a user principal rather than
>> full-blown host/nfs keys).
JC> However, I have found that the Mac client generates warnings like
JC> the following on the Netapp filer while it has the NFSv3/Kerberos
JC> 5 mount in place, even if I'm not actively using the mount (and/or
JC> the machine):
JC> Fri Feb 8 15:20:24 PST [nfsd.auth.status.bad:warning]: Client
JC> a.b.c.d has an authentication error 14
JC> They generally occur about 30 minutes apart, so perhaps there's
JC> some process kicking off under OS X that's causing them. Are you
JC> seeing these as well (or analogous errors if you're not using a
JC> Netapp filer as the NFS server)?
I'm afraid not -- although we have kerberized NFS running on NetApp, I'm
only working with Solaris NFS servers for this, and have seen nothing
similar.
JC> - John
--
Richard Silverman
res at qoxp.net
More information about the Kerberos
mailing list