NFSv3+Krb5 and mountd - Per Olofsson

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Per Olofsson <pelle@dsv.su.se>
To: nfs@lists.sourceforge.net
Subject: NFSv3+Krb5 and mountd
Date: Tue, 24 Aug 2004 20:41:38 +0200	[thread overview]
Message-ID: <20040824184138.GB3251@nasse> (raw)

Hi,

I'm trying to use NFSv3 with Kerberos 5. I'm using Debian sarge with
Linux 2.6.7, nfs-utils 1.0.6 with the CITI_NFS4_ALL-13 patch, and
util-linux mount 2.12 with the CITI_NFS4_ALL patch.

I added the following definition to /etc/exports:

/tmpexp gss/krb5(rw)

Then, on the client, I run:

# mount -osec=krb5 oberon:/tmpexp /mnt
mount: oberon:/tmpexp failed, reason given by server: Permission denied

and it fails. According to the log:

Aug 23 19:17:48 oberon rpc.mountd: refused mount request from
mallinux.dsv.su.se for /tmpexp (/): not exported

Now, I add the client machine's name to /etc/exports:

/tmpexp gss/krb5(rw) mallinux(ro)

And it works! I can tell that it uses Kerberos because I can write to
the mounted fs if I have a ticket, but not without. The drawback is
that I am now allowing AUTH_SYS mounting as well, which I want to
avoid. Is this a bug in mountd? Is it difficult to fix?

-- 
Pelle

-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

next             reply	other threads:[~2004-08-24 18:41 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-08-24 18:41 Per Olofsson [this message]
2004-08-30  1:41 ` NFSv3+Krb5 and mountd Paul Jakma
2004-08-30  2:01   ` J. Bruce Fields
2004-08-30 15:45     ` Per Olofsson
2004-08-30 16:45       ` Trond Myklebust
2004-08-30 17:17         ` J. Bruce Fields
2004-08-30 17:45           ` Trond Myklebust
2004-08-30 18:04             ` J. Bruce Fields
2004-08-30 22:25               ` Trond Myklebust
2004-09-02 15:39                 ` J. Bruce Fields
2004-08-30 21:54           ` Per Olofsson
2004-08-30 21:25         ` Per Olofsson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040824184138.GB3251@nasse \
    --to=pelle@dsv.su.se \
    --cc=nfs@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.