Solaris 10, secure nfs, permission denied

Douglas E. Engert deengert at anl.gov
Thu May 15 13:40:30 EDT 2008



Jeff Blaine wrote:
> If anyone has any idea what I am doing wrong here, please
> chime in.
> 
> ~:barnowl> uname -a
> SunOS barnowl.foo.com 5.10 Generic_127127-11 sun4u sparc
> SUNW,Sun-Fire-V240
> ~:barnowl> sudo klist -e -k /etc/krb5.keytab | grep nfs
>     3 nfs/barnowl.foo.com at RCF.FOO.COM (DES cbc mode with CRC-32)
>     4 nfs/crete.foo.com at RCF.FOO.COM (DES cbc mode with CRC-32)

Why does barnowl have a keytab entry for crete in its keytab?

> ~:barnowl> sudo share
> -               /usr   sec=krb5:krb5i:krb5p   ""
> ~:barnowl>
> 
> 
> ~:crete> uname -a
> SunOS crete.foo.com 5.10 Generic_118833-36 sun4v sparc SUNW,Sun-Fire-T200
> ~:crete> sudo klist -e -k /etc/krb5.keytab | grep nfs

Could be hostname and principla dont match: crete.foo.com != crete.mitre.org
and realms don't match between the two machines.

>     3 nfs/crete.mitre.org at RCF.MITRE.ORG (DES cbc mode with CRC-32)
>     4 nfs/barnowl.mitre.org at RCF.MITRE.ORG (DES cbc mode with CRC-32)

Why does crete have a keytab entry for barnowl in its keytab?

> ~:crete> sudo mount -F nfs -o sec=krb5 barnowl:/usr /mnt/barnowl
> nfs mount: mount: /mnt/barnowl: Permission denied
> ~:crete>
> 
> krb5kdc.log on the KDC shows absolutely nothing
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444



More information about the Kerberos mailing list