From: Richard Smits <R.Smits@tudelft.nl>
To: Myles Uyema <mlists@uyema.net>
Cc: linux-nfs <linux-nfs@vger.kernel.org>
Subject: Re: linux / automount not respecting sec=sys parameter when NFS server supports sys:krb5
Date: Sun, 10 Apr 2011 02:06:05 +0200 [thread overview]
Message-ID: <4DA0F46D.3000909@tudelft.nl> (raw)
In-Reply-To: <BANLkTintp8Hx-D46L0WC6-+JJK=jDvz1KQ@mail.gmail.com>
Myles Uyema wrote:
> We have a Netapp filer (8.0.1) exporting NFSv3 homedirs with -sec=sys:krb5,rw
This is interesting. Are you making an export on a Netapp filer that is
"sec=sys" AND "sec=krb5" ? (sys:krb5)
In my experience this doesn't work and you can only make a "sec=sys"
export OR a "sec=krb5" on the same directory/qtree.
Can you please clarify this ?
Greetings .. Richard Smits
> We have automount using LDAP for homedir mounts, explicitly specifying
> sec=sys for all users, except for the krb5 beta testers.
>
> We are rolling out users with kerberos slowly across our linux
> machines. However, when a krb5 beta tester accessing any homedir,
> Linux and automount will choose to mount that homedir using sec=krb5.
> It's quite apparent that /etc/mtab shows the mount parameter as
> sec=sys, but /proc/mounts shows the same mount as sec=krb5
>
> /etc/mtab
> nfstest101:/vol/krbtest01/testuser /home/testuser nfs
> rw,hard,intr,sec=sys,addr=10.21.127.101 0 0
>
> /proc/mounts
> nfstest101:/vol/krbtest01/testuser /home/testuser nfs
> rw,vers=3,rsize=65536,wsize=65536,hard,intr,proto=tcp,timeo=600,retrans=2,sec=krb5,addr=10.21.127.101
> 0 0
>
> If testuser then logs in (without a kerberos ticket) they cannot
> access their own home directory.
>
> Why is linux/automount ignoring our explicit sec=sys parameter?
>
> Linux 2.6.20 kernel CentOS 5.x
> Autofs 5.0.1
> mount (util-linux 2.13-pre7)
> MIT-Kerberos 5
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-04-10 0:28 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-08 23:30 linux / automount not respecting sec=sys parameter when NFS server supports sys:krb5 Myles Uyema
2011-04-10 0:06 ` Richard Smits [this message]
2011-04-16 0:07 ` Myles Uyema
2011-04-16 12:00 ` Richard Smits
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DA0F46D.3000909@tudelft.nl \
--to=r.smits@tudelft.nl \
--cc=linux-nfs@vger.kernel.org \
--cc=mlists@uyema.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.