* [PATCH] libnfsidmap: debug log when local Realms are not found
@ 2009-06-05 15:12 Steve Dickson
From: Steve Dickson @ 2009-06-05 15:12 UTC (permalink / raw)
To: Kevin Coffman; +Cc: linux-nfs
Hey Kevin,

When the krb5 realm and the DNS domain name are not
the same and the 'Local-Realm' variable is not
set (or set incorrectly) in /etc/idmapd.conf,
it causes the krb5 mounted file system to be inaccessible
by any and all users, which is the right thing to do.
But, the problem is, there is no reason logged as
to why all users are being denied access; with
or without debug enabled.

This patch will log, with debug enabled, when the
krb5 realm cannot be used since it does not match
the DNS domain name or the 'Local-Realm' variable
defined in /etc/idmapd.conf.

Signed-off-by: Steve Dickson <steved@redhat.com>
---------------------------------
diff -up libnfsidmap/nss.c.orig libnfsidmap/nss.c
--- libnfsidmap/nss.c.orig 2009-04-13 14:46:17.000000000 -0400
+++ libnfsidmap/nss.c 2009-06-05 10:37:46.000000000 -0400
@@ -298,9 +298,11 @@ static int nss_gss_princ_to_ids(char *se
break;
}
}
- if (!found)
+ if (!found) {
+ IDMAP_LOG(1, ("nss_gss_princ_to_ids: Local-Realm '%s': NOT FOUND",
+ princ_realm));
return -ENOENT;
-
+ }
/* XXX: this should call something like getgssauthnam instead? */
pw = nss_getpwnam(princ, NULL, &err);
if (pw == NULL) {
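
Review bot: the new IDMAP_LOG message in the if (!found) branch labels its value as "Local-Realm" but prints princ_realm, so the quoted string is the realm taken from the principal, not the configured setting. An admin reading "Local-Realm 'X': NOT FOUND" while debugging /etc/idmapd.conf could take X for the value they configured and look in the wrong place. Suggest wording that names what was looked up and where, for example "realm '%s' of principal not found in local realms", so the log line points directly at the mismatch the commit message describes. Minor style point: the hunk also drops the blank line that separated the early return from the /* XXX */ comment; keeping a blank line after the closing brace preserves the original spacing.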