[28556] in Kerberos
Credential weirdness
daemon@ATHENA.MIT.EDU (Roberto =?iso-8859-1?Q?C=2E_S=E1nc)
Sat Oct 13 22:23:38 2007
Date: Sat, 13 Oct 2007 22:23:02 -0400
From: Roberto =?iso-8859-1?Q?C=2E_S=E1nchez?= <roberto@connexer.com>
To: Kerberos Mailing List <kerberos@mit.edu>
Message-ID: <20071014022302.GC5581@miami.connexer.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0966858620=="
Errors-To: kerberos-bounces@mit.edu
--===============0966858620==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="7JfCtLOvnd9MIVvH"
Content-Disposition: inline
--7JfCtLOvnd9MIVvH
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello,
I have encoutered some weirness with machine credentials (I think).
Maybe someone can explain what is happenning.
Here is my configuration:
server1: exports user home directories via NFS using gss/krb5p
server2: is the KDC and mounts the home directories as a client
server3: just mounts the user home directories as a client
Now, if server1 or server3 reboots, there is no problem. However, if
server2 reboots, I must run kadmin on server1, remove the nfs/server1
key from the local keytab and add it back in. Then I must restart the
NFS service. After that server2 and server3 can again mount the home
directories.
Why is this. Is it because server2 is the KDC. But why would server2's
reboot necessitate regenerating the nfs/server1 key on server1?
Regards,
-Roberto
--=20
Roberto C. S=E1nchez
http://people.connexer.com/~roberto
http://www.connexer.com
--7JfCtLOvnd9MIVvH
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHEX2G5SXWIKfIlGQRAuh9AKDROAKOWNrTfCzbM02gznrfvLV1fwCgimpe
SoJVfKMy9pUcVq/IFuMyOoA=
=g+bU
-----END PGP SIGNATURE-----
--7JfCtLOvnd9MIVvH--
--===============0966858620==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0966858620==--