From: Jaap Winius <jwinius@umrk.nl>
To: linux-nfs@vger.kernel.org
Subject: NFSv4 cross-realm support
Date: Wed, 2 Jul 2014 17:42:51 +0000 (UTC) [thread overview]
Message-ID: <lp1gar$eb6$1@ger.gmane.org> (raw)
Hi folks,
Recently I've been working on cross-realm support to give my own MIT
Kerberos realm, UMRK.NL, access to the services of a realm that I manage.
All systems involved run Debian wheezy. So far, SSH, OpenLDAP, OpenAFS
and Dovecot IMAP are all working properly this way, but NFSv4 with
sec=krb5i is not; I keep getting "Permission denied" when attempting to
read or write to any file or directory that is not globally accessible.
When the log output verbosity for rpc.gssd and rpc.svcgssd is increased
about as far as it will go (-vvvvv), little is different when things go
wrong, other than this one line produced by rpc.svcgssd on the server:
nss_gss_princ_to_ids: Local-Realm 'UMRK.NL': NOT FOUND
However, even that seems a bit misleading, because the log output for
rpc.idmapd (with Verbosity = 5) shows that the user and group IDs for my
account are being identified properly.
Should I prepare a bug report for this issue, or does cross-realm support
for NFSv4 require something extra?
Thanks,
Jaap
next reply other threads:[~2014-07-02 17:43 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-02 17:42 Jaap Winius [this message]
2014-07-07 12:36 ` NFSv4 cross-realm support Andy Adamson
2014-07-07 16:23 ` Jaap Winius
2014-07-07 21:24 ` Andy Adamson
2014-07-08 1:33 ` Jaap Winius
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='lp1gar$eb6$1@ger.gmane.org' \
--to=jwinius@umrk.nl \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox