On 10/17/2011 3:21 AM, Martinsson Patrik wrote: > Well yes, however if you add > pkinit_identities = PKCS11:path-to-smartcardlib > to the [libdefaults] section of your krb5.conf, the rpc.gssd will segfault.
Do you have the core file from this (or from the kinit failure) or can you force a core file, then get a stack trace? Does this fail with other PKCS#11 libraries Can you try with opensc-pkcs11.so? Can you do an ldd command on the libiidp11.so and on kinit or tpc.gssd to see what other libs each needs? This could be a linking problem with libiidp11.so, where is ends up using the wrong version of some lib used by kinit. > > In my world that means that rpc.gssd reads the pkinit-option in some way, but > I'm not sure. > > Best regards, > Patrik Martinsson, Sweden. > > > > > > Från: Frank Cusack [mailto:[email protected]] > Skickat: den 14 oktober 2011 20:04 > Till: Martinsson Patrik > Kopia: [email protected] > Ämne: Re: pkinit and nfs > > On Fri, Oct 14, 2011 at 1:56 AM, Martinsson > Patrik<[email protected]<mailto:[email protected]>> wrote: > How do I setup krb5.conf to get nfs not use pkinit, whilst when for example > doing a regular "kinit" pkinit should be used. > > "nfs", i.e. rpc.gssd, does not use pkinit ever. It uses only a keytab. > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[email protected]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
