clustered NFS - kerberos - mount failure

Kevin Coffman kwcoffman at gmail.com
Thu Mar 26 11:13:47 EDT 2009


Hi,
You don't say what OS you're dealing with here. Different OS's have
different gssd implementations which have a bearing on the issue.

If Linux is involved, you'll get more help mailing the linux-nfs
mailing list (linux-nfs.vger.kernel.org).  If the server is Linux, a
patch has been submitted to work around this issue.  That patch isn't
yet in a release.  Contact me directly, or via the linux list above
for more info.

K.C.

On Thu, Mar 26, 2009 at 2:59 AM, Chinmay P Soman
<chinmay.soman at in.ibm.com> wrote:
> Hi,
>
> I am trying to configure a NFS server with kerberos support. The catch is,
> the NFS server is part of a cluster.  Therefore, all the client mounts are
> done using the
> cluster name and not the server name.
>
> For eg:    Let  cluster name =  Mycluster.domain.com     ,  server =
> server1.domain.com
>
> -----------------------
>
> In this case, when my NFS client mounts as :
> mount -o vers=3,sec=krb5 server1.domain.com:/tmp_share /mnt     =>  This
> passes
>
> However,
> mount -o vers=3,sec=krb5 Mycluster.domain.com:/tmp_share /mnt     =>  This
> fails.
>
>
> I am guessing the gssd daemon on the server side is creating a context for
> its localhost, which is => server1.domain.com
>
> However, the request is meant for Mycluster.domain.com.  Hence, it fails
> due to the mismatch.
>
>
> Please clarify if my reasoning is correct. If yes, also please let me know
> a possible solution
>
>
>
>
> Thanks and regards
>
> Chinmay P Soman
> ctdb/panache research activities, SoNAS
> IBM India Systems & Technology Lab
> Ozone-2, Saswad Road, Pune.
> Tel : 91-020-26901666
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>




More information about the Kerberos mailing list