Hi,
On Fri, Jan 27, 2012 at 11:14:04PM +0100, Giorgio Pioda wrote:
>
> your solution seems more or less an unavoidable hack.
>
> Nice would be to tell Kerberos to avoid service check and control
> only user ID.
>
> What about this:
>
> http://docs.oracle.com/cd/E19963-01/html/821-1456/setup-148.html#gihyu
>
> Maybe could be a solution, but I don't know exactly if it works
> as I think it should:
>
> client # cat /etc/krb5/krb5.conf
> [libdefaults]
> default_realm = EXAMPLE.COM
> verify_ap_req_nofail = false
> ...
I just tried with
verify_ap_req_nofail = false
and disabled the ticket copying, unfortunatelly it seems not to work
here. I have to think about it, but isn't it necessary to have a
ticket available as it is used to encrypt the connection to the NFS
server (sec=krb5p)?
Best regards,
Andi
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/20120128094033.GA5120@flashgordon
