Solaris 10, secure nfs, permission denied
Douglas E. Engert
deengert at anl.gov
Thu May 15 13:40:30 EDT 2008
Jeff Blaine wrote:
> If anyone has any idea what I am doing wrong here, please
> chime in.
>
> ~:barnowl> uname -a
> SunOS barnowl.foo.com 5.10 Generic_127127-11 sun4u sparc
> SUNW,Sun-Fire-V240
> ~:barnowl> sudo klist -e -k /etc/krb5.keytab | grep nfs
> 3 nfs/barnowl.foo.com at RCF.FOO.COM (DES cbc mode with CRC-32)
> 4 nfs/crete.foo.com at RCF.FOO.COM (DES cbc mode with CRC-32)
Why does barnowl have a keytab entry for crete in its keytab?
> ~:barnowl> sudo share
> - /usr sec=krb5:krb5i:krb5p ""
> ~:barnowl>
>
>
> ~:crete> uname -a
> SunOS crete.foo.com 5.10 Generic_118833-36 sun4v sparc SUNW,Sun-Fire-T200
> ~:crete> sudo klist -e -k /etc/krb5.keytab | grep nfs
Could be hostname and principla dont match: crete.foo.com != crete.mitre.org
and realms don't match between the two machines.
> 3 nfs/crete.mitre.org at RCF.MITRE.ORG (DES cbc mode with CRC-32)
> 4 nfs/barnowl.mitre.org at RCF.MITRE.ORG (DES cbc mode with CRC-32)
Why does crete have a keytab entry for barnowl in its keytab?
> ~:crete> sudo mount -F nfs -o sec=krb5 barnowl:/usr /mnt/barnowl
> nfs mount: mount: /mnt/barnowl: Permission denied
> ~:crete>
>
> krb5kdc.log on the KDC shows absolutely nothing
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list