I have a situation when testing our brand new NetApp (NAS) as NFS4+krb5 home dirs. Tickets from our KDC dissapears, but seems to have no affect on usage, and then appears again by itself after some time. We don't do anything active to get the ticket back, but I gather something is triggering it. The strange thing is that I was expecting the lack of ticket to shut the user out from his home dir. See this info to get an understanding (ng01 is the NetApp controller serving the NFS4, UNIX.UIB.NO is our MIT KDC running on Solaris):
$ date; klist; mount | grep krb5; touch /Home/siv99/hdbfp/test; ls -l /Home/siv99/hdbfp/test; Thu May 26 10:22:21 CEST 2011 Ticket cache: FILE:/tmp/krb5cc_32929_FVGxPN Default principal: [email protected] Valid starting Expires Service principal 05/26/11 09:56:14 05/27/11 09:56:14 krbtgt/[email protected] renew until 06/23/11 09:56:14 05/26/11 09:56:24 05/26/11 21:56:24 nfs/[email protected] renew until 06/02/11 09:56:24 oslo-s.uib.no:/vol/oslos/NAS99 on /Home/siv99 type nfs4 (rw,intr,sec=krb5,sloppy,addr=129.177.3.10,clientaddr=129.177.10.89) -rw-r--r-- 1 hdbfp ansatt 10 May 26 2011 /Home/siv99/hdbfp/test (the above can be repeated for some time before this happens:) $ date; klist; mount | grep krb5; touch /Home/siv99/hdbfp/test; ls -l /Home/siv99/hdbfp/test; Thu May 26 10:34:57 CEST 2011 Ticket cache: FILE:/tmp/krb5cc_32929_FVGxPN Default principal: [email protected] Valid starting Expires Service principal 05/26/11 09:56:14 05/27/11 09:56:14 krbtgt/[email protected] renew until 06/23/11 09:56:14 05/26/11 09:56:24 05/26/11 21:56:24 nfs/[email protected] renew until 06/02/11 09:56:24 05/26/11 10:29:23 05/27/11 09:56:14 nfs/[email protected] renew until 06/23/11 09:56:14 oslo-s.uib.no:/vol/oslos/NAS99 on /Home/siv99 type nfs4 (rw,intr,sec=krb5,sloppy,addr=129.177.3.10,clientaddr=129.177.10.89) voss.uib.no:/NAS1 on /Home/siv type nfs4 (rw,intr,sec=krb5,sloppy,addr=129.177.25.201,clientaddr=129.177.10.89) -rw-r--r-- 1 hdbfp ansatt 10 May 26 10:34 /Home/siv99/hdbfp/test Any ideas on how to find the cause of this dissapearing and reappearing of the ticket for nfs/[email protected]? Or maybe this is intended behaviour? Could the version of the KDC have an effect on this (we're not on latest release). -- Mvh/Regards, Bjørge Solli Systemarkitekt Unix klientdrift Overingeniør/Chief engineer at Uni. Bergen, IT, Infrastruktur, Unix Nygårdsgaten 5. Pb.7800, N-5020 Bergen, Norway. www.uib.no/it (+47) Tlf: (555)82774 Mob: 91614343 Fax: (555)84299 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
