kvno of kinit not matching kvno of nfs principal and keytab using LDAP back end
Kevin Longfellow
klongfel at yahoo.com
Fri Apr 13 15:17:36 EDT 2012
Hi,
Configuration:
The KDC's running MIT Kerberos 1.7.2 (with patches)
LDAP back end
Running on RedHat Linux EL 5.4
I'm curious if there is a known issue that might be fixed with a patch or particular release where the kvno from kinit is 2 but the kvno of the nfs principal and what's in the keytab is 3? A simple restart of krb5kdc resolves the issue so something seems to get out of sync with the LDAP back end or a possible cache issue?
Before considering moving to a higher version, I would like to know this is very likely fixed. If not I'll log a bug a try to reproduce in a test environment.
The end result is access to the NFS server is denied due to the kvno mismatch and a restart of krb5kdc fixes the issue.
Any ideas?
Thanks,
Kevin
More information about the Kerberos
mailing list