[28556] in Kerberos

home help back first fref pref prev next nref lref last post

Credential weirdness

daemon@ATHENA.MIT.EDU (Roberto =?iso-8859-1?Q?C=2E_S=E1nc)
Sat Oct 13 22:23:38 2007

Date: Sat, 13 Oct 2007 22:23:02 -0400
From: Roberto =?iso-8859-1?Q?C=2E_S=E1nchez?= <roberto@connexer.com>
To: Kerberos Mailing List <kerberos@mit.edu>
Message-ID: <20071014022302.GC5581@miami.connexer.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0966858620=="
Errors-To: kerberos-bounces@mit.edu


--===============0966858620==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="7JfCtLOvnd9MIVvH"
Content-Disposition: inline


--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello,

I have encoutered some weirness with machine credentials (I think).
Maybe someone can explain what is happenning.

Here is my configuration:

 server1: exports user home directories via NFS using gss/krb5p
 server2: is the KDC and mounts the home directories as a client
 server3: just mounts the user home directories as a client

Now, if server1 or server3 reboots, there is no problem.  However, if
server2 reboots, I must run kadmin on server1, remove the nfs/server1
key from the local keytab and add it back in.  Then I must restart the
NFS service.  After that server2 and server3 can again mount the home
directories.

Why is this.  Is it because server2 is the KDC.  But why would server2's
reboot necessitate regenerating the nfs/server1 key on server1?

Regards,

-Roberto

--=20
Roberto C. S=E1nchez
http://people.connexer.com/~roberto
http://www.connexer.com

--7JfCtLOvnd9MIVvH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHEX2G5SXWIKfIlGQRAuh9AKDROAKOWNrTfCzbM02gznrfvLV1fwCgimpe
SoJVfKMy9pUcVq/IFuMyOoA=
=g+bU
-----END PGP SIGNATURE-----

--7JfCtLOvnd9MIVvH--

--===============0966858620==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

--===============0966858620==--

home help back first fref pref prev next nref lref last post