[Freeipa-users] Problem with Kerberised NFS mount

Simo Sorce simo at redhat.com
Mon Jul 15 18:23:25 UTC 2013


On Mon, 2013-07-15 at 16:15 +0000, Ondrej Valousek wrote:
> Ok. I agree that the problem needs to be fixed in kernel - let's hope
> the patches will find their way into RHEL 7 ;-).

I am not aware of any kernel issue.

> Does it mean that since Fedora 19 the default location of krb5.keytab
> is /var/lib/gssproxy?

No, the default keytab is always /etc/krb5.keytab.

Simo.
> 
> 
> Sent from Samsung Mobile
> 
> 
> 
> -------- Original message --------
> From: Simo Sorce <simo at redhat.com>
> Date:
> To: "Adamson, Andy" <William.Adamson at netapp.com>
> Cc: andrew at wasielewski.co.uk,freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] Problem with Kerberised NFS mount
> 
> 
> 
> On Fri, 2013-07-12 at 19:16 +0000, Adamson, Andy wrote:
> > On Jul 12, 2013, at 3:02 PM, Rob Crittenden <rcritten at redhat.com> wrote:
> > 
> > > Chuck Lever wrote:
> > >> 
> > >> On Jul 12, 2013, at 2:43 PM, Ondrej Valousek <ovalousek at vendavo.com> wrote:
> > >> 
> > >>> Just back to the Kerberized NFS. Any solution to RH bugzilla #786463
> > >>> on the horizon yet?
> > >>> Expiring tickets will render the whole concept unusable otherwise.
> > >>> 
> > >>> Anyone?
> > >> 
> > >> Ask on linux-nfs at vger.kernel.org.  I
> > >> know upstream is working on this problem.
> > > 
> > > https://fedorahosted.org/gss-proxy/ will solve the problem.
> > 
> > Only for renewable tickets that gss-proxy renews. If a user has a
> > non-renewable ticket, then the problem still exists.  I'm working on a
> > set of GSS expiry patches and I'll make sure this problem is solved in
> > the kernel.
> 
> Just to avoid confusion.
> 
> GSS-Proxy doesn't really handle renews at this stage (except as a
> possible side effect of GSSAPI doing it under the hood on its own), it
> only handles acquiring new credentials using keytabs or using existing
> valid credentials from a standard ccache pre-populated by the user.
> 
> Simo.
> 
> -- 
> Simo Sorce * Red Hat, Inc * New York
> 


-- 
Simo Sorce * Red Hat, Inc * New York