Re: Diskless clients: NFSv4 mounting with sec=krb5p and no machine creds
Hi,
On Fri, Jan 27, 2012 at 11:14:04PM +0100, Giorgio Pioda wrote:
>
> your solution seems more or less an unavoidable hack.
>
> Nice would be to tell Kerberos to avoid service check and control
> only user ID.
>
> What about this:
>
> http://docs.oracle.com/cd/E19963-01/html/821-1456/setup-148.html#gihyu
>
> Maybe could be a solution, but I don't know exactly if it works
> as I think it should:
>
> client # cat /etc/krb5/krb5.conf
> [libdefaults]
> default_realm = EXAMPLE.COM
> verify_ap_req_nofail = false
> ...
I just tried with
verify_ap_req_nofail = false
and disabled the ticket copying, unfortunatelly it seems not to work
here. I have to think about it, but isn't it necessary to have a
ticket available as it is used to encrypt the connection to the NFS
server (sec=krb5p)?
Best regards,
Andi
Reply to: