Kerberos, ADS and NFSv4
Timo Aaltonen
tjaalton at cc.hut.fi
Tue Aug 29 08:16:57 BST 2006
On Tue, 29 Aug 2006, Edward Murrell wrote:
> Timo Aaltonen wrote:
>> On Mon, 28 Aug 2006, Edward Murrell wrote:
>>
>>
>> It's working fine here. The server is a Data ONTAP 7.1 (NetApp), though.
>> Sudo is making life a bit difficult though, since the credentials are not
>> delegated to the sudoed root (ie. you can't access your $HOME..).
>>
> That's odd. I can definitely use my credentials in sudo. Is this with
> Heimdal or MIT Kerberos?
MIT. Here the root-user is also always mapped as 'nobody', which is a pain
in the b...
> The fact that it's working for other people implies that I've either
> done something silly (probably to do with the idmap daemon), or that the
> Ubuntu serverside stuff is busted somewhere.
I'm using dapper with backported nfs-utils (& librpcsecgss, libgssapi,
libnfsidmap) from sid.
> I've also had a weird problem where using Kerberos authenticated logins
> on PAM put the tickets in;
>
> /tmp/krb5cc_$UID_$RANDCHARS
>
> Whereas the nfs4 kernel module goes looking in
> /tmp/krb5cc_$UID
>
> This creates a small problem if you're mouting your /home over NFSv4!
> How did you get around this problem?
well, here it works just right for local logins, but not over ssh (if the
server you are connecting to also has krb-mounted $HOME). Maybe you should
try the backported packages (at least on a client) and report back:
http://users.tkk.fi/~tjaalton/nfs/
t
More information about the ubuntu-devel
mailing list