SV: pkinit and nfs
Douglas E. Engert
deengert at anl.gov
Mon Oct 17 14:39:02 EDT 2011
On 10/17/2011 3:21 AM, Martinsson Patrik wrote:
> Well yes, however if you add
> pkinit_identities = PKCS11:path-to-smartcardlib
> to the [libdefaults] section of your krb5.conf, the rpc.gssd will segfault.
Do you have the core file from this (or from the kinit failure) or can you
force a core file, then get a stack trace?
Does this fail with other PKCS#11 libraries Can you try with opensc-pkcs11.so?
Can you do an ldd command on the libiidp11.so and on kinit or tpc.gssd
to see what other libs each needs?
This could be a linking problem with libiidp11.so, where is ends up using the wrong
version of some lib used by kinit.
>
> In my world that means that rpc.gssd reads the pkinit-option in some way, but I'm not sure.
>
> Best regards,
> Patrik Martinsson, Sweden.
>
>
>
>
>
> Från: Frank Cusack [mailto:frank at tenpedal.com]
> Skickat: den 14 oktober 2011 20:04
> Till: Martinsson Patrik
> Kopia: kerberos at mit.edu
> Ämne: Re: pkinit and nfs
>
> On Fri, Oct 14, 2011 at 1:56 AM, Martinsson Patrik<patrik.martinsson at smhi.se<mailto:patrik.martinsson at smhi.se>> wrote:
> How do I setup krb5.conf to get nfs not use pkinit, whilst when for example doing a regular "kinit" pkinit should be used.
>
> "nfs", i.e. rpc.gssd, does not use pkinit ever. It uses only a keytab.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list