On Fri, Aug 17, 2012 at 11:21 AM, Matt Garman <[email protected]> wrote: > We have a simple, home-grown Perl-based job dispatching system. It's > basically a per-user daemon that listens on a socket for job requests. > When it gets a request, it calls fork() to dispatch the job. > > What we've found is that the fork()'ed jobs are getting "permission > denied" on NFSv4 mounts using krb5p security. Before the fork, > though, permissions are OK. > > I wrote this simple Perl script to demonstrate the problem: >
I think your script error is just the result of the differences between ssh foo.host > cmd and ssh foo.host cmd In the first you have a tty and in the second you don't. Your real problem is the hinky way that nfsv4 matches kerberos credentials to processes. I haven't dinked around with NFSv4 a lot, but there is a deamon that more or less sits and watches for krb tgt files in /tmp and attempts to match them to the appropriate process when the local nfsd needs a users credentials. I think what you want is to investigate idmapd or rpcidmapd on your system. - Booker C. Bense ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
