[28557] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Credential weirdness

daemon@ATHENA.MIT.EDU (Kevin Coffman)
Mon Oct 15 10:31:46 2007

Message-ID: <4d569c330710150711w5a84a57di53a1372fadbc729e@mail.gmail.com>
Date: Mon, 15 Oct 2007 10:11:29 -0400
From: "Kevin Coffman" <kwc@citi.umich.edu>
To: "=?ISO-8859-1?Q?Roberto_C._S=E1nchez?=" <roberto@connexer.com>
In-Reply-To: <20071014022302.GC5581@miami.connexer.com>
MIME-Version: 1.0
Content-Disposition: inline
Cc: Kerberos Mailing List <kerberos@mit.edu>
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

On 10/13/07, Roberto C. Sánchez <roberto@connexer.com> wrote:
> Hello,
>
> I have encoutered some weirness with machine credentials (I think).
> Maybe someone can explain what is happenning.
>
> Here is my configuration:
>
>  server1: exports user home directories via NFS using gss/krb5p
>  server2: is the KDC and mounts the home directories as a client
>  server3: just mounts the user home directories as a client
>
> Now, if server1 or server3 reboots, there is no problem.  However, if
> server2 reboots, I must run kadmin on server1, remove the nfs/server1
> key from the local keytab and add it back in.  Then I must restart the
> NFS service.  After that server2 and server3 can again mount the home
> directories.
>
> Why is this.  Is it because server2 is the KDC.  But why would server2's
> reboot necessitate regenerating the nfs/server1 key on server1?
>
> Regards,
>
> -Roberto

Hello Roberto,
This sounds very strange.  server2 is not storing the kerberos
database in NFS is it?

I'm assuming these are all Linux machines.  If so, contact me off-list
with exact error messages that you encounter after rebooting server2.

K.C.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home help back first fref pref prev next nref lref last post