Strange (klist) behaviour
Greg Hudson
ghudson at MIT.EDU
Thu May 26 15:54:08 EDT 2011
On Thu, 2011-05-26 at 04:58 -0400, Bjørge Solli wrote:
> I have a situation when testing our brand new NetApp (NAS) as NFS4+krb5
> home dirs. Tickets from our KDC dissapears, but seems to have no affect
> on usage, and then appears again by itself after some time. We don't do
> anything active to get the ticket back, but I gather something is
> triggering it. The strange thing is that I was expecting the lack of
> ticket to shut the user out from his home dir.
Everything other than the krbtgt ticket is just a performance
optimization; service tickets are obtained from the KDC when necessary.
The lack of a service ticket in the ccache does not generally result in
denial of service.
I suspect the service ticket is "disappearing" when tickets are obtained
or renewed, and reappearing when rpc.gssd needs to establish a new
security context with the NFS server. I can't say for sure, though.
More information about the Kerberos
mailing list