Matt Garman <[email protected]> writes: > It appears that the problem has to do with my sshd options. In > particular, I had "GSSAPICleanupCredentials" set to yes (the default) in > /etc/ssh/sshd_config. So I believe what happens is, after the fork() > call, my ssh session ends, and removes my /tmp/krb5cc* file. Which > leaves my forked process running, but now without a TGT, and hence, no > NFSv4.
> Setting that sshd option to "no" and restarting sshd so far appears to > work. I'm not sure if this is the "best" way to fix this, perhaps > idmapd and/or rpcidmapd offer a more elegant solution. I'll have to > research those. Another possible solution to this problem is to modify your job scheduling system to invoke the actual job inside krenew. krenew is primarily for renewing Kerberos credentials for long-running jobs, but one of the other things that it does is that it makes an isolated copy of the current Kerberos ticket cache on startup precisely to detach the cache from any other session management that's happening. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
