[29103] in Kerberos
kerberized NFS on OS X (gssd problem)
daemon@ATHENA.MIT.EDU (Richard E. Silverman)
Fri Jan 18 20:21:27 2008
From: "Richard E. Silverman" <res@qoxp.net>
Date: Fri, 18 Jan 2008 00:37:16 -0500
Message-ID: <m263xry9rn.fsf@darwin.oankali.net>
MIME-Version: 1.0
X-Complaints-To: abuse@speakeasy.net
X-DMCA-Complaints-To: abuse@speakeasy.net
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
This may be better directed to an OS X internals forum -- but it's worth
posting to these groups because it involves NFS and Kerberos. I'm trying
to use a Leopard machine as a kerberized NFSv4 client. I get this:
$ mount -v -t nfs -o vers=4.0alpha -o sec=krb5 server:/foo /foo
mount_nfs: /Users/res/foo: Authentication error
and I get this in the system log:
Jan 18 00:15:59 darwin kernel[0]: nfs_gss_clnt_gssd_upcall: gssd port not valid
Jan 18 00:15:59 darwin kernel[0]: nfs4_setclientid failed, 80
The kernel is making the expected upcall to gssd, but failing to
communicate with it. Now, gssd is started by launchd, which should be
listening on the gssd Mach port for this call. Indeed, the launchd
configuration for gssd,
/System/Library/LaunchDaemons/com.apple.gssd.plist, indicates it's
listening on task special port 8. And the xnu source shows that it should
be using the same port number:
[osfmk/mach/task_special_ports.h]
#define TASK_GSSD_PORT 8 /* GSSD port for security context */
But it's not working. Anyone run into this before, or have any ideas?
Thanks,
--
Richard Silverman
res@qoxp.net
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
