On Tue, Sep 18, 2012 at 12:52 PM, Frank Cusack <[email protected]> wrote: > At least it should tell you where to drop keytabs and how to name them so > that the daemon can pick them up. > [...] > You're likely just not dropping the keytab into the right location and with > the right naming convention.
Are you talking about the system keytab, which I understand is only used to mount the share; or the individual user's keytab, to be used for per-file permissions? Take a look at http://linux.die.net/man/8/rpc.gssd, which is more or less the same as "man rpc.gssd" on my system. The -k param tells the daemon where to find "machine credentials"; the default is /etc/krb5.keytab. I think I have this much right, or I wouldn't be able to mount the share at all. The -d param tells the daemon where to find Kerberos credential files, the default being /tmp, which I were I see all my krb5cc_* files naturally going. > If the server is also RH then the stuff about idmap is a red herring. Linux > treats all instances (/foo) as equivalent to the main principal for NFS > purposes. So as long as your principal names match your usernames, and the > server can lookup username->uid, as would normally be the case, then you're > good from that end. If true (and I hope it is!), I can't seem to figure out how to make it a go. Isn't the above path stuff kind of pointless anyway, since I can use -k -t <file> with kinit at the user level? Which I have to do anyway, from within cron? Thanks again! Matt ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
