NFSv4 cross-realm support
Jaap
jwinius at umrk.nl
Wed Jul 2 09:53:12 EDT 2014
Hi folks,

Recently I've been working on cross-realm support to give my own realm,
UMRK.NL, access to the services of a realm that I manage. All systems
involved run Debian wheezy. So far, SSH, OpenLDAP, OpenAFS and Dovecot
IMAP are all working properly this way, but NFSv4 with sec=krb5i is not;
I keep getting "Permission denied" when attempting to read or write to
any file or directory that is not globally accessible.

When the log output verbosity for rpc.gssd and rpc.svcgssd is increased
about as far as it will go (-vvvvv), little is different when things go
wrong, other than this one line produced by rpc.svcgssd on the server:

    nss_gss_princ_to_ids: Local-Realm 'UMRK.NL': NOT FOUND

However, even that seems a bit misleading, because the log output for
rpc.idmapd (with Verbosity = 5) shows that the user and group IDs for my
account are being identified properly.

Should I prepare a bug report for this issue, or does cross-realm support
for NFSv4 require something extra?

Thanks,

Jaap