Kerberized NFS (GSS-API) problem with multiple-IP Address and single hostname

sandeep patil san_patil at hotmail.com
Mon Jan 3 22:12:48 EST 2011


I am facing problems running kerberized NFS (or even a gss-client/gss-server application) in a setup where a server instance is served by multiple machines having the same hostname but different IP addresses.

To be specific:
I have a kerberized NFS server running on 3 separate machines (exporting the same share) where every machine has a different IP address but the same hostname (in other words, the hostname is associated with 3 IP addresses, for general load balancing using DNS). Now when I acquire Kerberos credentials from a client machine and mount the NFS share against the hostname, it fails. The reason it seems to fail is that when the GSS-API handshake takes place between the NFS client and NFS server, the Kerberos/GSS-API library always tends to resolve the hostname to an IP address and in this case ends up getting a different IP address. So it looks like when we mount NFS, the first part of the GSS-API handshake takes place with one machine and in the next iteration it goes to a different machine (where there is no GSS-API context) and hence it fails.
The same setup works fine when we keep only one NFS server machine up and running, which cross-confirms our above understanding. Also, the IP traces help confirm the above.

So my question is, how can such a scenario be tackled?

One way is to hardcode the IP address of the NFS server machine on all NFS client machines - but this defeats the entire purpose of doing it through DNS... Any clues?

The above seems to be similar to a multi-homed machine, but is significantly different: in a multi-homed machine it's the same machine with 3 IP addresses, whereas in this case it's 3 machines with 3 IP addresses and the same hostname.


Inputs/advice appreciated.
-S
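
A toy model of the failure described in the post above, added here as an illustration; it is not part of the original message and is not Kerberos, GSS-API or NFS code. It assumes a two-leg exchange, per-machine context tables with no sharing, and constructed names and addresses (`nfs.example.test`, 192.0.2.x); `pin_address` is a hypothetical switch that contrasts resolving once per handshake with re-resolving on every leg.

```python
import itertools

# Constructed model: three servers behind one hostname, each holding its own
# table of half-established security contexts (nothing is shared between them).
class Server:
    def __init__(self, ip):
        self.ip = ip
        self.contexts = {}          # context id -> number of tokens seen

    def accept_token(self, ctx_id, leg):
        """Model of one accept leg: leg 0 creates state, later legs need it."""
        if leg == 0:
            self.contexts[ctx_id] = 1
            return "CONTINUE_NEEDED"
        if ctx_id not in self.contexts:
            return "NO_CONTEXT"     # this machine never saw the first token
        self.contexts[ctx_id] += 1
        return "COMPLETE"

def make_cluster(ips):
    """Return the servers plus a resolver that rotates answers like round-robin DNS."""
    servers = {ip: Server(ip) for ip in ips}
    rotation = itertools.cycle(ips)
    return servers, (lambda hostname: next(rotation))

def handshake(servers, resolve, hostname, legs=2, pin_address=False):
    """Run a multi-leg exchange; return (result, list of IPs contacted)."""
    contacted = []
    pinned = resolve(hostname) if pin_address else None
    result = None
    for leg in range(legs):
        # Without pinning, every leg triggers a fresh lookup of the hostname.
        ip = pinned if pin_address else resolve(hostname)
        contacted.append(ip)
        result = servers[ip].accept_token("ctx-1", leg)
        if result == "NO_CONTEXT":
            break
    return result, contacted

if __name__ == "__main__":
    ips = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]   # constructed addresses
    for pin in (False, True):
        servers, resolve = make_cluster(ips)
        outcome = handshake(servers, resolve, "nfs.example.test", pin_address=pin)
        print("pin_address=%s -> %s" % (pin, outcome))
```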
 		 	   		  


More information about the krbdev mailing list