[29209] in Kerberos
Re: kerberized NFS on OS X (gssd problem)
daemon@ATHENA.MIT.EDU (John Caruso)
Fri Feb 8 20:24:06 2008
From: John Caruso <johnSPAMcarAWAYuso@myprivacy.ca>
Message-ID: <slrnfqpu5t.3ks.johnSPAMcarAWAYuso@news.sbcglobal.net>
X-Complaints-To: abuse@prodigy.net
Date: Sat, 09 Feb 2008 00:50:09 GMT
To: kerberos@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 2008-02-08, John Caruso <johnSPAMcarAWAYuso@myprivacy.ca> wrote:
> On 2008-02-08, Richard E. Silverman <res@qoxp.net> wrote:
>> I have found that kerberized NFSv3 does work, though.
>
> That's the route I went as well. And it not only works, but it works
> with just the behaviors I was looking for (files are created with the
> Kerberos principal rather than uid 501, they're assigned the same gid
> as the directory in which they're created, and mounting the filesystem
> requires only a user principal rather than full-blown host/nfs keys).
However, I have found that the Mac client generates warnings like the
following on the Netapp filer while it has the NFSv3/Kerberos 5 mount in
place, even if I'm not actively using the mount (and/or the machine):
Fri Feb 8 15:20:24 PST [nfsd.auth.status.bad:warning]: Client a.b.c.d has an authentication error 14
They generally occur about 30 minutes apart, so perhaps there's some
process kicking off under OS X that's causing them. Are you seeing these
as well (or analogous errors if you're not using a Netapp filer as the
NFS server)?
- John
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
