Re: Diskless clients: NFSv4 mounting with sec=krb5p and no machine creds

["Andreas B. Mundt" <andi.mundt@web.de>]

Hi,

On Fri, Jan 27, 2012 at 11:14:04PM +0100, Giorgio Pioda wrote:
> 
> your solution seems more or less an unavoidable hack.
> 
> Nice would be to tell Kerberos to avoid service check and control
> only user ID.
> 
> What about this:
> 
> http://docs.oracle.com/cd/E19963-01/html/821-1456/setup-148.html#gihyu
> 
> Maybe could be a solution, but I don't know exactly if it works
> as I think it should:
> 
> client # cat /etc/krb5/krb5.conf
> [libdefaults]
>         default_realm = EXAMPLE.COM
>         verify_ap_req_nofail = false
>   ...

I just tried with 

  verify_ap_req_nofail = false

and disabled the ticket copying, unfortunatelly it seems not to work
here.  I have to think about it, but isn't it necessary to have a
ticket available as it is used to encrypt the connection to the NFS
server (sec=krb5p)?

Best regards,

     Andi