[Freeipa-users] krb5 nfs failure between F14 freeipa server and F14 client
Simo Sorce
ssorce at redhat.com
Mon Dec 6 18:35:18 UTC 2010
On Mon, 06 Dec 2010 18:31:37 +0100
Thomas Sailer <sailer at sailer.dynip.lugs.ch> wrote:
> On Mon, 2010-12-06 at 10:55 -0500, Simo Sorce wrote:
>
> Hi Simo,
>
> thanks for your response!
>
> > We are seeing an issue with F14 DS where it has been built against
> > opneldap libraries while we still have plugins built against
> > mozldap.
>
> Where would that help?
> just for the ipa-getkeytab reliability issue?
Yes, that is probably a side effect of the problem we're solving.
> Because after the kerberos keys are in the client's keytab, how is
> ldap even involved in the nfs issues?
Keys are stored in ldap and asn.1 encoding is generated using ldap
libraries before storing it.
If that operation fails it may generate malformed entries that the KDC
later can't properly decode.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list