Strange (klist) behaviour

Bjørge Solli Bjorge.Solli at adm.uib.no
Thu May 26 04:58:20 EDT 2011 

I have a situation when testing our brand new NetApp (NAS) as NFS4+krb5 
home dirs. Tickets from our KDC dissapears, but seems to have no affect 
on usage, and then appears again by itself after some time. We don't do 
anything active to get the ticket back, but I gather something is 
triggering it. The strange thing is that I was expecting the lack of 
ticket to shut the user out from his home dir. See this info to get an 
understanding (ng01 is the NetApp controller serving the NFS4, 
UNIX.UIB.NO is our MIT KDC running on Solaris):

$ date; klist; mount | grep krb5; touch /Home/siv99/hdbfp/test; ls -l 
/Home/siv99/hdbfp/test;
Thu May 26 10:22:21 CEST 2011
Ticket cache: FILE:/tmp/krb5cc_32929_FVGxPN
Default principal: hdbfp at UNIX.UIB.NO

Valid starting     Expires            Service principal
05/26/11 09:56:14  05/27/11 09:56:14  krbtgt/UNIX.UIB.NO at UNIX.UIB.NO
     renew until 06/23/11 09:56:14
05/26/11 09:56:24  05/26/11 21:56:24  nfs/voss.uib.no at UNIX.UIB.NO
     renew until 06/02/11 09:56:24
oslo-s.uib.no:/vol/oslos/NAS99 on /Home/siv99 type nfs4 
(rw,intr,sec=krb5,sloppy,addr=129.177.3.10,clientaddr=129.177.10.89)
-rw-r--r-- 1 hdbfp ansatt 10 May 26  2011 /Home/siv99/hdbfp/test

(the above can be repeated for some time before this happens:)

$ date; klist; mount | grep krb5; touch /Home/siv99/hdbfp/test; ls -l 
/Home/siv99/hdbfp/test;
Thu May 26 10:34:57 CEST 2011
Ticket cache: FILE:/tmp/krb5cc_32929_FVGxPN
Default principal: hdbfp at UNIX.UIB.NO

Valid starting     Expires            Service principal
05/26/11 09:56:14  05/27/11 09:56:14  krbtgt/UNIX.UIB.NO at UNIX.UIB.NO
     renew until 06/23/11 09:56:14
05/26/11 09:56:24  05/26/11 21:56:24  nfs/voss.uib.no at UNIX.UIB.NO
     renew until 06/02/11 09:56:24
05/26/11 10:29:23  05/27/11 09:56:14  nfs/ng01.uib.no at UNIX.UIB.NO
     renew until 06/23/11 09:56:14
oslo-s.uib.no:/vol/oslos/NAS99 on /Home/siv99 type nfs4 
(rw,intr,sec=krb5,sloppy,addr=129.177.3.10,clientaddr=129.177.10.89)
voss.uib.no:/NAS1 on /Home/siv type nfs4 
(rw,intr,sec=krb5,sloppy,addr=129.177.25.201,clientaddr=129.177.10.89)
-rw-r--r-- 1 hdbfp ansatt 10 May 26 10:34 /Home/siv99/hdbfp/test

Any ideas on how to find the cause of this dissapearing and reappearing 
of the ticket for nfs/ng01.uib.no at UNIX.UIB.NO? Or maybe this is intended 
behaviour? Could the version of the KDC have an effect on this (we're 
not on latest release).

-- 
Mvh/Regards, Bjørge Solli
Systemarkitekt Unix klientdrift
Overingeniør/Chief engineer at Uni. Bergen, IT, Infrastruktur, Unix
Nygårdsgaten 5. Pb.7800, N-5020 Bergen, Norway. www.uib.no/it
(+47) Tlf: (555)82774 Mob: 91614343 Fax: (555)84299

More information about the Kerberos mailing list