Kerberos contexts - definition?

Nico Williams nico at cryptonector.com
Mon Aug 27 17:51:13 EDT 2012


On Mon, Aug 27, 2012 at 1:59 PM, Derek Warren <warren at sfu.ca> wrote:
> Which of those two contexts do you suppose the authors of
> nfs-utils meant when writing error messages like this:

Bingo.

>> rpc.gssd: WARNING: Failed to create krb5 context for user with uid 0 for server nfsserver.example.com
>> rpc.gssd: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_AD.EXAMPLE.COM for server nfsserver.example.com

It's obnoxious that rpc.gssd is saying "krb5 context" when it really
means "GSS security context for the Kerberos mechanism"...  But that's
what's happening.

> On 2012-08-27, at 10:59 AM, steve at steve-ss.com wrote:
>> For us, nfs4 with a Samba4 AD, gssd fails when it can't find e.g. a
>> machine key in (by default) /etc/krb5.keytab
>
> Thank you, Steve. My previous diatribe shows that _all_ of those
> principals are present in /etc/krb5.keytab on the NFS server and client.
>
> Interesting that the only obvious differences here are that your setup
> works and doesn't contain any Microsoft products...

Did you set up the SPNs in AD properly?

Nico
--

