kerberized NFS on OS X (gssd problem)
Richard E. Silverman
res at qoxp.net
Fri Jan 18 00:37:16 EST 2008
This may be better directed to an OS X internals forum -- but it's worth
posting to these groups because it involves NFS and Kerberos. I'm trying
to use a Leopard machine as a kerberized NFSv4 client. I get this:
$ mount -v -t nfs -o vers=4.0alpha -o sec=krb5 server:/foo /foo
mount_nfs: /Users/res/foo: Authentication error
and I get this in the system log:
Jan 18 00:15:59 darwin kernel[0]: nfs_gss_clnt_gssd_upcall: gssd port not valid
Jan 18 00:15:59 darwin kernel[0]: nfs4_setclientid failed, 80
The kernel is making the expected upcall to gssd, but failing to
communicate with it. Now, gssd is started by launchd, which should be
listening on the gssd Mach port for this call. Indeed, the launchd
configuration for gssd,
/System/Library/LaunchDaemons/com.apple.gssd.plist, indicates it's
listening on task special port 8. And the xnu source shows that it should
be using the same port number:
[osfmk/mach/task_special_ports.h]
#define TASK_GSSD_PORT 8 /* GSSD port for security context */
But it's not working. Anyone run into this before, or have any ideas?
Thanks,
--
Richard Silverman
res at qoxp.net
More information about the Kerberos
mailing list