[Freeipa-users] Kerberos enabled NFS error (Key has expired)
William Muriithi
william.muriithi at gmail.com
Sun Nov 6 01:18:13 UTC 2016
On 3 November 2016 at 22:59, William Muriithi
<william.muriithi at gmail.com> wrote:
> Hello
>
> I have NFS server that has been working fine with "sec=sys" for years
> but changed it last weekend to use "sec=krb5" last weekend. Since
> then, users have been randomly complaining that they are seeing the
> below error:
>
> [alexl at manganese /<7>dtop/simulation/vhdl_example]$ ll /projects/sparrow/meng
>
> ls: cannot access /projects/sparrow/meng: Key has expired
>
> When I login and try to list the content of the same directory, all
> works fine. What is the root cause of this error? I have been
> googling for a week, but haven't found any solution so far.
Posting this to help anyone who may have the same problem and end up
coming across this post. The problem was the script was changing user
through su. This mean they didn't have any kerberos key after on that
host as su bypassed proper authentication
When the user used his username to ssh to the host and then run the
script, the problem went away
Regards,
William
More information about the Freeipa-users
mailing list