Hello, I'm trying to get kerberized nfs working on Fedora 14 server/client. Other kerberized services work properly, just not nfs.
### I generated the principles like so: ### --> On nfs+krb5 server: kadmin.local -q "addprinc -randkey nfs/nfsserver" kadmin.local -q "addprinc -randkey nfs/nfsclient" kadmin.local -q "ktadd -e des-cbc-crc:normal nfs/nfsserver" --> On nfs client: kadmin -w root -p root/admin -q "ktadd -e des-cbc-crc:normal nfs/nfsclient" ### Here are the relevant error logs: ### --> On nfs+krb5 server: -root:</home/matt># rpc.svcgssd -fvvvvv entering poll leaving poll handling null request sname = nfs/nfscli...@myrealm DEBUG: serialize_krb5_ctx: lucid version! prepare_krb5_rfc4121_buffer: protocol 1 prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32 doing downcall mech: krb5, hndl len: 4, ctx len 52, timeout: 1291642775 (86400 from now), clnt: n...@nfsclient, uid: -1, gid: -1, num aux grps: 0: : qword_eol: fflush failed: errno 38 (Function not implemented) WARNING: error writing to downcall channel /proc/net/rpc/auth.rpcsec.context/channel: Function not implemented sending null reply writing message: \x \x6082020a06092a864886f71201020201006e8201f9308201f5a003020105a10302010ea20703050020000000a381f66181f33081f0a003020105a1101b0e434950495352564e4554574f524ba2193017a003020103a110300e1b036e66731b0763697069737276a381bb3081b8a003020101a103020103a281ab0481a8467083160d6a455e018cb32de6be79ce02beaf74e74bf404998bdce0cf2d9e095a1a7606e57c5ffc0c5e75338ac185ba45606abfb0bfb39b168bba9442fab3e46e01baefadb3c36c20390fa0513219694e931b7f5c32dfe808ab2717231062ed9849dd9d8610f77607cb0de483348915df84ed107d7e146dbb6ad505aedc48edcbe0c46f9d9415b70b2732307ebeb4b716ef97ad2bef8e9163a054a0ed74c9c8eb78c34497c3f2caa481e63081e3a003020101a281db0481d81ad9b0df75c2ad27c624f880cc74f6529b30f7c8d9b31b022c64091433dcb1c03cc1f9f4f045c406a71613abdc5b392216ff89efa1275519ccdae4c4f1bfdae606fc13b8a0067e2f048ab1ca1a493d4395e4aa2a52ed5ec726ebffc003407f140fb816ac0ded2720c42169e8f9c1ba9a9a31c8aaa6cd11b4f9677c41592e448cc6aed77467102b4a2b82f819da25227e498948cf0285d9a23cd939d24c5b9216827c69596a1e8f3ea6c219d53a13e85d0f2246eae2eebd2f eedc8da2c7791e9406971cc7b96c8a05a91c61d8444a4100ff51f8f3e7d2de52 1291556435 0 0 \x01000000 \x60818806092a864886f71201020202006f793077a003020105a10302010fa26b3069a003020101a2620460f0e09c71cb6c0789e17de45cbf7ffc25507df68232aba97df654a7df07583302af5532e31e502e295fb7efe03eea0a313627af26e985e88d32ff42a02022cea63e5b319a4d75d2d7bb3c415c220e8a43d8d1a24571409bf0ae53baf10afe0693 finished handling null request entering poll --> On nfs client: -r...@cipix:<~># rpc.gssd -fvvvvv beginning poll dir_notify_handler: sig 37 si 0x7fff331245f0 data 0x7fff331244c0 dir_notify_handler: sig 37 si 0x7fff3311faf0 data 0x7fff3311f9c0 dir_notify_handler: sig 37 si 0x7fff331245f0 data 0x7fff331244c0 handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt18) handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt18) process_krb5_upcall: service is '<null>' Full hostname for 'NFSSERVER' is 'nfsserver' Full hostname for 'nfsclient' is 'nfsclient' Key table entry not found while getting keytab entry for 'root/nfsclient@' Success getting keytab entry for 'nfs/nfsclient@' Successfully obtained machine credentials for principal 'nfs/nfscli...@myrealm' stored in ccache 'FILE:/tmp/krb5cc_machine_MYREALM' INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYREALM' are good until 1291642775 using FILE:/tmp/krb5cc_machine_MYREALM as credentials cache for machine creds using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_MYREALM creating context using fsuid 0 (save_uid 0) creating tcp client for server nfsserver DEBUG: port already set to 2049 creating context with server n...@nfsserver WARNING: Failed to create krb5 context for user with uid 0 for server nfsserver WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_MYREALM for server nfsserver WARNING: Machine cache is prematurely expired or corrupted trying to recreate cache for server nfsserver Full hostname for 'nfsserver' is 'nfsserver' Full hostname for 'nfsclient' is 'nfsclient' Key table entry not found while getting keytab entry for 'root/nfsclient@' Success getting keytab entry for 'nfs/nfsclient@' INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYREALM' are good until 1291642775 INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYREALM' are good until 1291642775 using FILE:/tmp/krb5cc_machine_MYREALM as credentials cache for machine creds using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_MYREALM creating context using fsuid 0 (save_uid 0) creating tcp client for server nfsserver DEBUG: port already set to 2049 creating context with server n...@nfsserver WARNING: Failed to create krb5 context for user with uid 0 for server nfsserver WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_MYREALM for server nfsserver WARNING: Failed to create machine krb5 context with any credentials cache for server nfsserver doing error downcall dir_notify_handler: sig 37 si 0x7fff331245f0 data 0x7fff331244c0 dir_notify_handler: sig 37 si 0x7fff331245f0 data 0x7fff331244c0 dir_notify_handler: sig 37 si 0x7fff331245f0 data 0x7fff331244c0 dir_notify_handler: sig 37 si 0x7fff331245f0 data 0x7fff331244c0 dir_notify_handler: sig 37 si 0x7fff331245f0 data 0x7fff331244c0 dir_notify_handler: sig 37 si 0x7fff331245f0 data 0x7fff331244c0 dir_notify_handler: sig 37 si 0x7fff331245f0 data 0x7fff331244c0 destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt19 destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt18 ---- Any help would be appreciated, thanks. ps: I do have allow_weak_crypto = yes ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
